CVE-2018-12248 — Out-of-bounds Read in Mruby

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 49.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mruby Debian Mruby

Timeline

PublishedJun 12

Latest updateMay 13

Description

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/mruby< mruby 1.4.1+20180622+git640fca32-1 (bookworm)

▶Debianmruby/mruby< 1.4.1+20180622+git640fca32-1+3

▶NVDmruby/mruby1.4.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-96p2-24jg-gc5w: An issue was discovered in mruby 1↗2022-05-13

▶

OSV

CVE-2018-12248: An issue was discovered in mruby 1↗2018-06-12

▶

📋Vendor Advisories

Debian

CVE-2018-12248: mruby - An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read a...↗2018

▶