Note:
This project will be discontinued after December 13, 2021. [more]
2018-06-05
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
| Products | Debian_linux, Mruby |
| Type | Access of Uninitialized Pointer (CWE-824) |
| First patch |
https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d |
| Patches | https://github.com/mruby/mruby/issues/4027 |
| Relevant file/s | ./src/kernel.c (modified, +3) |
| Links | https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: