783 matches found
shopify-scripts: Memory disclosure in mruby String#lines method
This bug was found with jmlb337. Hey again, while reviewing mruby for vulnerabilities, I stumbled onto a case that allows an attacker to leak heap content, including pointers that can be used along with another vulnerability to craft a complete exploit. Reproduction Step 1. Allocate a string with a few...
shopify-scripts: Denial of Service in mruby due to null pointer dereference
Hi, The following file causes a segmentation fault in mruby, which also causes a segmentation fault in mruby-engine. I've minimized this file down to the bare bones of what crashes it, and renamed variables so you can see what is needed and what isn't. a="any splat operator", case "any object or nil...
shopify-scripts: Exception cause SIGABRT
Overriding the to_s method of an exception and raising it from a sandboxed mruby evaluation results in an abort call from mruby. This results in the whole ruby process terminating. Tested on 4cd4dfc855f0cce18b1ee2f318927c13edb20d14 POC poc.rb class A 2 0x00007fe2ac234bbc in mrb_exc_raise...