Mruby
CVE-2022-1934
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Use After Free in GitHub repository mruby/mruby prior to 3.2.
AnalysisAI
Use After Free in GitHub repository mruby/mruby prior to 3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Use After Free in GitHub repository mruby/mruby prior to 3.2. Affected products include: Mruby. Version information: prior to 3.2..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severit
Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), th
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is rem
mruby is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrec
In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical severit
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. Rated critical severity (CVSS
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. Rated critical sev
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attack
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_G
use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.1), this vu
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today