Skip to main content

Mruby CVE-2022-1427

HIGH
Out-of-bounds Read (CWE-125)
2022-04-23 security@huntr.dev
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 23, 2022 - 00:15 nvd
HIGH 7.8

DescriptionNVD

Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2.

Impact: Possible arbitrary code execution if being exploited.

AnalysisAI

Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2.

Impact: Possible arbitrary code execution if being exploited. Affected products include: Mruby. Version information: prior to 3.2..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Mruby

View all
CVE-2022-1286 CRITICAL POC
9.8 Apr 10

heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severit

CVE-2022-1276 CRITICAL POC
9.8 Apr 10

Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), th

CVE-2022-1212 CRITICAL POC
9.8 Apr 05

Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS

CVE-2022-0631 CRITICAL POC
9.8 Feb 18

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2022-0080 CRITICAL POC
9.8 Jan 02

mruby is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex

CVE-2020-15866 CRITICAL POC
9.8 Jul 21

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrec

CVE-2020-6840 CRITICAL POC
9.8 Jan 11

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical severit

CVE-2020-6839 CRITICAL POC
9.8 Jan 11

In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. Rated critical severity (CVSS

CVE-2020-6838 CRITICAL POC
9.8 Jan 11

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical sev

CVE-2018-11743 CRITICAL POC
9.8 Jun 05

The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attack

CVE-2018-10191 CRITICAL POC
9.8 Apr 17

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_G

CVE-2022-1106 CRITICAL POC
9.1 Mar 27

use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.1), this vu

Share

CVE-2022-1427 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy