CVE-2022-1201 - OpenCVE

NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mruby	Mruby

Configuration 1 [-]

cpe:2.3:a:mruby:mruby:*:*:*:*:*:ruby:*:*

References

Link	Resource
https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae	Patch Third Party Advisory
https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-02T07:45:34

Updated: 2022-04-02T07:45:34

Reserved: 2022-04-01T00:00:00

Link: CVE-2022-1201

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-02T08:15:06.913

Modified: 2023-01-17T20:51:29.200

Link: CVE-2022-1201

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "mruby/mruby", "vendor": "mruby", "versions": [{"lessThan": "3.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-02T07:45:34", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"}], "source": {"advisory": "6f930add-c9d8-4870-ae56-d4bd8354703b", "discovery": "EXTERNAL"}, "title": "NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1201", "STATE": "PUBLIC", "TITLE": "NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mruby/mruby", "version": {"version_data": [{"version_affected": "<", "version_value": "3.2"}]}}]}, "vendor_name": "mruby"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476 NULL Pointer Dereference"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"}, {"name": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae", "refsource": "MISC", "url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"}]}, "source": {"advisory": "6f930add-c9d8-4870-ae56-d4bd8354703b", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1201", "datePublished": "2022-04-02T07:45:34", "dateReserved": "2022-04-01T00:00:00", "dateUpdated": "2022-04-02T07:45:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mruby:mruby:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "06675FE5-5447-4119-A745-41627A5B4770", "versionEndExcluding": "3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system."}, {"lang": "es", "value": "Una desreferencia de puntero nulo en mrb_vm_exec con super en el repositorio GitHub mruby/mruby versiones anteriores a 3.2. Esta vulnerabilidad es capaz de hacer que el int\u00e9rprete de mruby sea bloqueado, afectando as\u00ed la disponibilidad del sistema"}], "id": "CVE-2022-1201", "lastModified": "2023-01-17T20:51:29.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 4.0, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-02T08:15:06.913", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@huntr.dev", "type": "Primary"}]}