Mruby Security Vulnerabilities and Issues — Mruby CVE List

Lucene search

MrubyMruby

38 matches found

CVE•added 2023/02/14 4:15 p.m.•186 views

CVE-2021-46023

An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.

7.5CVSS7.3AI score0.00076EPSS

CVE•added 2022/04/10 10:15 a.m.•142 views

CVE-2022-1276

Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

9.8CVSS9.5AI score0.00796EPSS

CVE•added 2022/03/10 1:15 a.m.•133 views

CVE-2022-0890

NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.

7.1CVSS5.6AI score0.00273EPSS

CVE•added 2020/01/11 3:15 a.m.•130 views

CVE-2020-6840

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.

9.8CVSS9.4AI score0.00418EPSS

CVE•added 2020/01/11 3:15 a.m.•129 views

CVE-2020-6839

In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.

9.8CVSS9.7AI score0.00512EPSS

CVE•added 2020/01/11 3:15 a.m.•123 views

CVE-2020-6838

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.

9.8CVSS9.4AI score0.00418EPSS

CVE•added 2022/02/19 2:15 p.m.•115 views

CVE-2022-0632

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

5.5CVSS5.2AI score0.00299EPSS

CVE•added 2022/02/18 2:15 p.m.•102 views

CVE-2022-0631

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.

9.8CVSS7.5AI score0.00269EPSS

CVE•added 2022/04/02 8:15 a.m.•101 views

CVE-2022-1201

NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.

7.1CVSS6.4AI score0.00133EPSS

CVE•added 2022/03/26 4:15 a.m.•97 views

CVE-2022-1071

User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.

8.2CVSS8AI score0.00304EPSS

CVE•added 2022/04/23 12:15 a.m.•95 views

CVE-2022-1427

Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.

7.8CVSS7.9AI score0.0024EPSS

CVE•added 2022/02/09 4:15 a.m.•90 views

CVE-2022-0525

Out-of-bounds Read in Homebrew mruby prior to 3.2.

9.1CVSS8.9AI score0.00297EPSS

CVE•added 2022/03/27 2:15 p.m.•90 views

CVE-2022-1106

use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.

9.1CVSS8.2AI score0.00186EPSS

CVE•added 2022/02/17 7:15 a.m.•84 views

CVE-2022-0623

Out-of-bounds Read in Homebrew mruby prior to 3.2.

9.1CVSS7.6AI score0.00433EPSS

CVE•added 2022/02/04 11:15 p.m.•82 views

CVE-2022-0481

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

7.8CVSS6.2AI score0.00184EPSS

CVE•added 2022/02/16 10:15 a.m.•79 views

CVE-2022-0614

Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.

8.4CVSS5.8AI score0.00297EPSS

CVE•added 2022/01/02 12:15 p.m.•76 views

CVE-2022-0080

mruby is vulnerable to Heap-based Buffer Overflow

9.8CVSS8.9AI score0.00343EPSS

CVE•added 2022/02/19 2:15 p.m.•76 views

CVE-2022-0630

Out-of-bounds Read in Homebrew mruby prior to 3.2.

7.1CVSS6.7AI score0.00297EPSS

CVE•added 2022/02/23 2:15 a.m.•76 views

CVE-2022-0717

Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.

9.1CVSS7.9AI score0.00297EPSS

CVE•added 2022/02/14 12:15 p.m.•75 views

CVE-2022-0570

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.

9.8CVSS9.1AI score0.0027EPSS

CVE•added 2022/04/05 4:15 a.m.•75 views

CVE-2022-1212

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

9.8CVSS9.8AI score0.00315EPSS

CVE•added 2018/06/12 2:29 p.m.•72 views

CVE-2018-12249

An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.

7.5CVSS7.8AI score0.00659EPSS

CVE•added 2020/07/21 3:15 p.m.•71 views

CVE-2020-15866

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

9.8CVSS9.6AI score0.00599EPSS

CVE•added 2022/01/17 2:15 p.m.•71 views

CVE-2022-0240

mruby is vulnerable to NULL Pointer Dereference

7.5CVSS6.7AI score0.00299EPSS

CVE•added 2021/07/01 3:15 a.m.•70 views

CVE-2020-36401

mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).

7.8CVSS7.6AI score0.00242EPSS

CVE•added 2022/04/10 11:15 a.m.•70 views

CVE-2022-1286

heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

9.8CVSS8.1AI score0.00581EPSS

CVE•added 2021/12/30 7:15 a.m.•66 views

CVE-2021-4188

mruby is vulnerable to NULL Pointer Dereference

7.5CVSS6.9AI score0.00286EPSS

CVE•added 2022/01/21 7:15 a.m.•66 views

CVE-2022-0326

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

5.5CVSS5.5AI score0.00299EPSS

CVE•added 2018/04/17 9:29 p.m.•64 views

CVE-2018-10191

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.

9.8CVSS9.7AI score0.01362EPSS

CVE•added 2022/05/31 3:15 a.m.•63 views

CVE-2022-1934

Use After Free in GitHub repository mruby/mruby prior to 3.2.

7.8CVSS6.2AI score0.00143EPSS

CVE•added 2021/12/15 5:15 a.m.•61 views

CVE-2021-4110

mruby is vulnerable to NULL Pointer Dereference

9.1CVSS7.5AI score0.00455EPSS

CVE•added 2018/06/12 2:29 p.m.•59 views

CVE-2018-12248

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.

7.5CVSS7.6AI score0.00274EPSS

CVE•added 2018/06/05 1:29 p.m.•54 views

CVE-2018-11743

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.

9.8CVSS9.6AI score0.00597EPSS

CVE•added 2018/07/17 3:29 a.m.•46 views

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

7.5CVSS7.5AI score0.00384EPSS

CVE•added 2022/01/14 8:15 p.m.•46 views

CVE-2021-46020

An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.

7.5CVSS7.3AI score0.00303EPSS

CVE•added 2017/06/11 5:29 p.m.•45 views

CVE-2017-9527

The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

7.8CVSS7.9AI score0.00202EPSS

CVE•added 2018/06/12 2:29 p.m.•43 views

CVE-2018-12247

An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag).

7.5CVSS7.5AI score0.00275EPSS

CVE•added 2018/04/18 3:29 p.m.•41 views

CVE-2018-10199

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.

9.8CVSS9.7AI score0.01519EPSS