CVE-2020-15866

Опубликовано: 21 июл. 2020

Источник: debian

Описание

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mruby	fixed	2.1.2-1		package
mruby	no-dsa		buster	package

Примечания

https://github.com/mruby/mruby/issues/5042
https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b (3.0.0-preview)
https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2)

Связанные уязвимости

CVE-2020-15866

CVSS3: 9.8

ubuntu

больше 5 лет назад

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

CVE-2020-15866

CVSS3: 9.8

nvd

больше 5 лет назад

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.

GHSA-4f9x-p86g-x88m

CVSS3: 9.8

github

больше 3 лет назад

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.