mruby is vulnerable to denial of service (DoS) attacks. The attacks exist because the mark_context_stack()
function in gc.c
does not properly handle a .rb
file, allowing the attacker to trigger a heap-based use-after-free and application crash (possibly other impacts) using a malicious .rb
file.