CVE-2018-12248 (NVD)

2018-06-12

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.

Products Mruby
Type Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
First patch https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b
Relevant file/s ./mrbgems/mruby-fiber/src/fiber.c (modified, +9, -9)
Links https://github.com/mruby/mruby/issues/4038

mruby - Tree: 778500563a

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)


Patched area: