Note:
This project will be discontinued after December 13, 2021. [more]
2018-06-05
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
Products | Debian_linux, Mruby |
Type | Access of Uninitialized Pointer (CWE-824) |
First patch |
https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d |
Patches | https://github.com/mruby/mruby/issues/4027 |
Relevant file/s | ./src/kernel.c (modified, +3) |
Links | https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: