Published: 11/06/2017 Updated: 03/03/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The mark_context_stack function in gc.c in mruby up to and including 1.2.0 allows malicious users to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

Affected Products

Vendor Product Versions

Vendor Advisories

Debian Bug report logs - #865778 mruby: CVE-2017-9527: heap-based use-after-free Package: src:mruby; Maintainer for src:mruby is Nobuhiro Iwamatsu <iwamatsu@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 24 Jun 2017 18:42:07 UTC Severity: grave Tags: fixed-upstream, patch, security, ups ...