CVE-2020-36401: Double Free in Mruby

CWE-415: Double Free | 4 documents | 4 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.2% (top 52.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 1
Latest update: May 24

Description

mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

debian | debian/mruby | < mruby 2.1.2-3 (bookworm)
Debian | mruby/mruby | < 2.1.2-3+3
NVD | mruby/mruby | 2.1.2

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-qq64-7fh7-7hmw: mruby 2 (2022-05-24)
OSV
CVE-2020-36401: mruby 2 (2021-07-01)

📋 Vendor Advisories (1)

Debian
CVE-2020-36401: mruby - mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and ob... (2020)
CVE-2020-36401 — Double Free in Debian Mruby | cvebase