The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.
References
Link | Resource |
---|---|
https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99 | Issue Tracking Patch Third Party Advisory |
https://github.com/mruby/mruby/issues/3486 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-06-11T17:00:00
Updated: 2022-05-06T10:06:06
Reserved: 2017-06-11T00:00:00
Link: CVE-2017-9527
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-06-11T17:29:00.160
Modified: 2022-05-12T20:08:14.407
Link: CVE-2017-9527
JSON object: View
Redhat Information
No data.
CWE