CVE-2022-1427 — Out-of-bounds Read in Mruby

CWE-125 — Out-of-bounds Read CWE-284 — Improper Access Control5 documents5 sources

Severity

7.8HIGHNVD

CISA9.8

EPSS

0.3%

top 50.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mruby Mruby Mruby Debian Mruby

Timeline

PublishedApr 23

Latest updateApr 24

Description

Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmruby/mruby< 3.2

▶debiandebian/mruby< mruby 3.1.0-1 (bookworm)

▶CVEListV5mruby/mruby_mrubyunspecified — 3.2

▶Debianmruby/mruby< 3.1.0-1+2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-45gc-6g92-9g2j: Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3↗2022-04-24

▶

OSV

CVE-2022-1427: Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3↗2022-04-23

▶

📋Vendor Advisories

CISA

Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability↗2022-03-25

▶

Debian

CVE-2022-1427: mruby - Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby pri...↗2022

▶