Skip to main content

Mruby CVE-2022-1071

HIGH
Use After Free (CWE-416)
2022-03-26 security@huntr.dev
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 26, 2022 - 04:15 nvd
HIGH 8.2

DescriptionNVD

User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.

AnalysisAI

User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Affected products include: Mruby. Version information: prior to 3.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

More in Mruby

View all
CVE-2022-1286 CRITICAL POC
9.8 Apr 10

heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severit

CVE-2022-1276 CRITICAL POC
9.8 Apr 10

Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), th

CVE-2022-1212 CRITICAL POC
9.8 Apr 05

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS

CVE-2022-0631 CRITICAL POC
9.8 Feb 18

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2022-0080 CRITICAL POC
9.8 Jan 02

mruby is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex

CVE-2020-15866 CRITICAL POC
9.8 Jul 21

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrec

CVE-2020-6840 CRITICAL POC
9.8 Jan 11

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical severit

CVE-2020-6839 CRITICAL POC
9.8 Jan 11

In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. Rated critical severity (CVSS

CVE-2020-6838 CRITICAL POC
9.8 Jan 11

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical sev

CVE-2018-11743 CRITICAL POC
9.8 Jun 05

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attack

CVE-2018-10191 CRITICAL POC
9.8 Apr 17

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_G

CVE-2022-1106 CRITICAL POC
9.1 Mar 27

use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.1), this vu

Share

CVE-2022-1071 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy