7.5
CVSSv2

CVE-2018-10191

Published: 17/04/2018 Updated: 21/05/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.

Affected Products

Vendor Product Versions
MrubyMruby1.4.0

Vendor Advisories

Debian Bug report logs - #896021 mruby: CVE-2018-10199: Use after free in File#initilialize_copy Package: src:mruby; Maintainer for src:mruby is Nobuhiro Iwamatsu <iwamatsu@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 18 Apr 2018 19:33:02 UTC Severity: grave Tags: patch, security, ups ...
Debian Bug report logs - #896020 mruby: CVE-2018-10191: Use after free caused by integer overflow in environment stack Package: src:mruby; Maintainer for src:mruby is Nobuhiro Iwamatsu <iwamatsu@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 18 Apr 2018 19:21:02 UTC Severity: grave Tags ...

Github Repositories

A grammar based feedback Fuzzer

Co-authored-by: Daniel Teuchert <danielteuchert@rubde> Co-authored-by: Cornelius Aschermann <cornelius@hexgolemscom> Co-authored-by: Sergej Schumilo <sergej@schumilode>