CVE-2018-10191

moderate-risk

Published 2018-04-17

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.

Do I need to act?

1.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: 1905091634a6a2925c911484434448e568330626

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Mruby

Debian Linux

Affected Vendors

Debian Mruby

References (6)

Patch https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626

Exploit https://github.com/mruby/mruby/issues/3995

Mailing List https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html

Patch https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626

Exploit https://github.com/mruby/mruby/issues/3995

Mailing List https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 4/34 · Minimal

Exposure 7/34 · Low