shopify-scripts: Heap Overflow in fiber_switch triggered from Fiber.transfer
It appears as if my recommendations were ignored in the GitHub issue, so I've repeated the issue here. PoC Fiber.new.transfer 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0 Explanation The cause of this is th...
shopify-scripts: heap use after free in fiber_switch
@ssarong reported an input that triggers a heap use-after-free: https://github.com/mruby/mruby/issues/3619 The issue was addressed upstream in https://github.com/mruby/mruby/commit/15fba69710c7395b4e9523edb191ef84f672fa28...
shopify-scripts: SIGABRT in sym_validate_len - symbol.c:44
File 2 as input causes a SIGABRT in mruby. mruby raises an exception in sym_validate_len symbol.c:44 0 0x00000000005d3908 in raise 1 0x00000000005d3b3a in abort 2 0x0000000000415b52 in mrb_exc_raise mrb=, exc=... at /tmp/mruby/src/error.c:310 3 0x0000000000415c81 in mrb_raise mrb=0x94fc10, c=, msg= at...
shopify-scripts: Invalid pointer dereference in OP_ENTER
PoC === The following demonstrates a mruby/sandbox crash: def methodmissing end send...
shopify-scripts: SIGSEGV in array_copy - array.c:71
File 2 as input causes a segfault in mruby. mruby crashes in arycopy array.c:71: Program received signal SIGSEGV, Segmentation fault. 0x000000000040e088 in array_copy src=, size=, dst= at /tmp/mruby/src/array.c:71 71 dsti = srci; Test platform: Linux 3.16.0-4-amd64 1 SMP Debian 3.16.39-1+deb8u1...
shopify-scripts: Null pointer dereference in OP_ENTER
PoC === The following demonstrates a crash: class A def foo end end class B argv = ary-ptr; gdb p ary $1 = struct RArray 0x0 Test platform ============= Linux Mint 17.3 Cinnamon 64-bit, built with gcc version 4.8.4 Ubuntu 4.8.4-2ubuntu114.04.3 mruby SHA: a14a930c800aa50a191922580d53a2ce09287912...
shopify-scripts: SIGSEGV in mrb_vm_exec
PoC ------------------- The following code triggers the bug attached as testmrbvmexec.rb: def methodmissingmeth,argsyieldmeth,argsend enumfor.next Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb rReading symbols from ./mirb...done. gdb r testmrbvmexec.rb Starting...
shopify-scripts: Heap Buffer Overflow in mrb_hash_keys
@ssarong reported a heap buffer overflow in MRuby: https://github.com/mruby/mruby/issues/3565 The issue was corrected in https://github.com/mruby/mruby/commit/39ca4ef3bcdfec6047647e697f94cb84f2251175...
shopify-scripts: Crash in ary_concat()
The code above raises a segmentation fault both in mruby and mruby-engine N case when nil -do end def eend end ASAN report : line 1:3: '' interpreted as argument prefix ASAN:SIGSEGV ================================================================= ==111090==ERROR: AddressSanitizer: SEGV on unknow...
shopify-scripts: Null pointer dereferences in mrb_get_args
@ssarong reported a null pointer dereference in MRuby: https://github.com/mruby/mruby/issues/3559 The issue was corrected in https://github.com/mruby/mruby/commit/dcbfe7162586eb46e583cb140f4f6cde7ae2b87a...
shopify-scripts: Null pointer dereference in mrb_class
PoC === The following demonstrates a crash: if def class A ensure e rescue 0 end end .map.a Debug info ========== The crash happens due to a null pointer dereference in mrb_class, class.h:50. 50├ return mrbobjptrv-c; Valgrind shows several reads inside free'd blocks. Test platform =============...
shopify-scripts: Garbage collector crash
This github issue-tt != MRBTTFREE' failed. Aborted The issue was reintroduced in ecee8c51b0ad8cddd9e422a3e5105f902d7e2781 and is still present in 051e40c0493f2de332f5439e3230c9fe6958bf1a. The issue is fixed by reverting ecee8c51b0ad8cddd9e422a3e5105f902d7e2781. Thank you, Dinko Galetic Denis Kasa...
shopify-scripts: Null pointer dereference in ary_concat
PoC === The following demonstrates a crash: def f end @a = f &:s Debug info ========== mruby crashes in array.c:260 due to a null pointer dereference. 256│ aryconcatmrbstate mrb, struct RArray a, struct RArray a2 257│ 258│ mrbint len; 259│ 260├ if a2-len ARYMAXSIZE - a-len 261│ mrbraisemrb,...
shopify-scripts: Null pointer dereferences in ary_concat
@ssarong reported a null pointer dereference in MRuby: https://github.com/mruby/mruby/issues/3532 The issue was corrected in https://github.com/mruby/mruby/commit/d35fcf1ea2bfc3933b2f2543265874669feeee95...
shopify-scripts: SIGABRT - mirb and mruby
PoC ------------------- The following code triggers the bug attached as test.rb: def methodmissingm,e self.ff||=00end e Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb Reading symbols from ./mirb...done. gdb r test.rb Starting program: /home/x/Desktop/test/mruby/bin/mi...
shopify-scripts: Use-after-free leading to an invalid pointer dereference
PoC === The following code demonstrates a crash: class A rescue Struct.new.new.toh end end Discussion ========== mruby crashes due to an invalid pointer dereference in vm.c:1692: 1689│ LRESCUE: 1690│ if ci-ridx == 0 goto LSTOP; 1691│ proc = ci-proc; 1692├ irep = proc-body.irep; gdb print ci-proc ...
Ruby: sprintf combined format string attack
In a ticket that was also reported to "shopify-scripts" regarding "MRuby", I reported in detail a combined attack against the sprintf gem: Information leak; Heap buffer underflow. The full ticket details can be found in: Ticket 212239. The ticket was opened several minutes ago but I add it in case ...
shopify-scripts: Null pointer dereference in mrb_class
The following code demonstrates a segfault in mruby and mruby-engine: module A module A ensure module A module A module A module A ensure module A module A module A module A module A module A a ensure module A yield end end end end end end end end end end end end end The mruby crash is due to a...
shopify-scripts: Null pointer dereference in 'get_file'
@ssarong reported a null pointer dereference in MRuby: https://github.com/mruby/mruby/issues/3492 This issue was fixed in the following commits: https://github.com/mruby/mruby/commit/dcf6a413cab097e39d2d883d7c8c297d29ea43b8...
shopify-scripts: Null pointer dereferences from mrb_vm_exec
@ssarong reported a null pointer dereference in MRuby: https://github.com/mruby/mruby/issues/3491 The issue was fixed in the following commits: https://github.com/mruby/mruby/commit/b8461c86817fd2f766746e61e9f93362955a3474...