Description
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.
References (3)
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/mruby/mruby/issues/3486
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html
Scores
CVSS v3: 7.8
EPSS: 0.0020
EPSS Percentile: 42.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-416
Status: published
Products (2):
debian/debian_linux 9.0
mruby/mruby < 1.2.0
Published: Jun 11, 2017
Tracked Since: Feb 18, 2026