9.8
CVE-2022-0570
- EPSS 1.24%
- Veröffentlicht 14.02.2022 12:15:22
- Zuletzt bearbeitet 21.11.2024 06:38:56
- CVE-Watchlists
- Unerledigt
Heap-based Buffer Overflow in mruby/mruby
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.653 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| security@huntr.dev | 8.4 | 2.5 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad
https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1