CVE-2021-46023Improper Restriction of Operations within the Bounds of a Memory Buffer in Mruby

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 40.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
MrubyDebian MrubyMsrc Azl3 Rust 1.75.0-14 ON Azure Linux 3.0+4 more
Timeline
PublishedFeb 14

Description

An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

NVDmruby/mruby< 3.1.0
debiandebian/mruby< mruby 3.1.0-1 (bookworm)
Debianmruby/mruby< 3.1.0-1+2

🔴Vulnerability Details

2
OSV
CVE-2021-46023: An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 32023-02-14
GHSA
GHSA-4g9q-c75g-jq7q: An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 32023-02-14

📋Vendor Advisories

2
Microsoft
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.2023-02-14
Debian
CVE-2021-46023: mruby - An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby...2021