H2O HTTP Server < 2.0.4 DoS Vulnerability

H2O allows remote attackers to cause a denial of service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

shopify-scripts: mruby heredoc notation

Hi There exists a vulnerability in mruby when using the heredoc notation it doesn't need ulimit The minified test can be generated with the following command: ruby -e 'IO.binwrite"j3.rb", "\xa7 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent...

shopify-scripts: SEGV on ary_concat

The following input demonstrates a crash: def z return begin 0.each do return end rescue = x ensure x.backtrace end end z ASAN report ./mruby/bin/mruby asd.rb ASAN:DEADLYSIGNAL ================================================================= ==43761==ERROR: AddressSanitizer: SEGV on unknown...

shopify-scripts: Invalid read leading to a segfault

PoC === The attached POC demonstrates invalid reads leading to a segfault. Debug info ========== gdb report: 423│ dispatchlinkedcodegenscope s, int pc 424│ 425│ mrbcode i; 426│ int pos; 427│ 428│ if !pc return; 429│ for ;; 430├─── i = s-iseqpc; gdb p pc $1 = -32730 valgrind report: ==21952==...

shopify-scripts: Use after free in mruby-mpdecimal

Running the following ruby script in mruby compiled with ASAN enabled causes a use after free error: x=inspect.tod-0 Output of mruby with ASAN: $ ./ext/enterprisescriptservice/mruby/bin/mruby crash.rb trace: 0 crash.rb:1 1...

shopify-scripts: Null pointer dereference with send/method_missing

The following program triggers a null pointer dereference with mruby b200c747: ruby def methodmissingm ensure begin A rescue break rescue end end send '' ASAN report: text ASAN:DEADLYSIGNAL ================================================================= ==12116==ERROR: AddressSanitizer: SEGV on...

mruby Denial of Service Vulnerability

mruby is a lightweight implementation of the Ruby language. A security vulnerability exists in the gc.c file 'markcontextstack' function in mruby 1.2.0 and earlier. An attacker can exploit this vulnerability with the help of a specially crafted .rb file to cause a denial of service heap reuse aft...

Denial Of Service (DoS)

mruby is vulnerable to denial of service DoS attacks. The attacks exist because the markcontextstack function in gc.c does not properly handle a .rb file, allowing the attacker to trigger a heap-based use-after-free and application crash possibly other impacts using a malicious .rb file...

CVE-2017-9527

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

UBUNTU-CVE-2017-9527

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

Heap overflow

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

CVE-2017-9527

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

CVE-2017-9527

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

CVE-2017-9527

mruby

CVE-2017-9527

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

Heap use-after-free in mark_context_stack

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

Format string

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

CVE-2016-4864

CVE-2016-4864 affects H2O web server: versions 2.0.3 and earlier and 2.1.0-beta2 and earlier are vulnerable to a DoS via format string specifiers in template files processed by fastcgi, mruby, proxy, redirect or reproxy. Connected sources confirm this vulnerability class and affected ranges, with...

CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...