Mruby
CVE-2022-1427
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2.
Impact: Possible arbitrary code execution if being exploited.
AnalysisAI
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2.
Impact: Possible arbitrary code execution if being exploited. Affected products include: Mruby. Version information: prior to 3.2..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severit
Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), th
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is rem
mruby is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrec
In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical severit
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. Rated critical severity (CVSS
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical sev
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attack
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_G
use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.1), this vu
Same weakness CWE-125 – Out-of-bounds Read
View allShare
External POC / Exploit Code
Leaving vuln.today