Published: 11/06/2017 Updated: 22/06/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The mark_context_stack function in gc.c in mruby up to and including 1.2.0 allows malicious users to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

Affected Products

Vendor Product Versions
Mruby ProjectMruby1.2.0

Vendor Advisories

Debian Bug report logs - #865778 mruby: CVE-2017-9527: heap-based use-after-free Package: src:mruby; Maintainer for src:mruby is Nobuhiro Iwamatsu <iwamatsu@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 24 Jun 2017 18:42:07 UTC Severity: grave Tags: fixed-upstream, patch, security, ups ...