An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application...
7.5CVSS
7.3AI Score
0.001EPSS
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the...
6.5CVSS
6.3AI Score
0.0004EPSS
5.5CVSS
5.4AI Score
0.001EPSS
Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: Possible arbitrary code execution if being...
7.8CVSS
7.9AI Score
0.0005EPSS
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary...
9.8CVSS
9.7AI Score
0.003EPSS
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to...
7.5CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.0005EPSS
Heap buffer overflow in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being...
9.8CVSS
9.7AI Score
0.002EPSS
Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being...
9.8CVSS
9.7AI Score
0.002EPSS
Use-After-Free in str_escape in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being...
9.8CVSS
9.7AI Score
0.002EPSS
9.1CVSS
9.3AI Score
0.002EPSS
8.2CVSS
8.3AI Score
0.0005EPSS
5.5CVSS
5.3AI Score
0.001EPSS
9.1CVSS
9.2AI Score
0.002EPSS
5.5CVSS
5.3AI Score
0.001EPSS
7.1CVSS
6.7AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.002EPSS
9.1CVSS
9AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.002EPSS
9.1CVSS
9AI Score
0.002EPSS
7.5CVSS
7.3AI Score
0.001EPSS
5.5CVSS
5.3AI Score
0.001EPSS
7.5CVSS
7.3AI Score
0.001EPSS
An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application...
7.5CVSS
7.3AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.002EPSS
7.5CVSS
7.3AI Score
0.001EPSS
7.5CVSS
7.3AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.002EPSS
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy...
9.8CVSS
9.6AI Score
0.005EPSS
9.8CVSS
9.4AI Score
0.005EPSS
9.8CVSS
9.7AI Score
0.005EPSS
9.8CVSS
9.4AI Score
0.007EPSS
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative...
7.5CVSS
7.5AI Score
0.003EPSS
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in...
7.5CVSS
7.8AI Score
0.002EPSS
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other...
9.8CVSS
9.6AI Score
0.007EPSS
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary...
9.8CVSS
9.7AI Score
0.005EPSS
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb...
7.8CVSS
7.9AI Score
0.002EPSS