CVE-2018-12248

HIGH

mruby 1.4.1 - Buffer Overflow

Title source: llm

Description

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.

References (2)

Core 2

Core References

Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/mruby/mruby/issues/4038

Patch, Third Party Advisory x_refsource_misc

https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-125

Status published

Products (1)

mruby/mruby 1.4.1

Published Jun 12, 2018

Tracked Since Feb 18, 2026