9.8

CVE-2018-11743

Exploit
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MrubyMruby Version1.4.1
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.2% 0.802
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html
Third Party Advisory
Mailing List
https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
Patch
Third Party Advisory
https://github.com/mruby/mruby/issues/4027
Patch
Third Party Advisory
Exploit
Issue Tracking