NULL Pointer Dereference in mruby Affects mrb_class Functionality
CVE-2018-12247

7.5HIGH

Key Information:

Vendor

Mruby

Status
Mruby
Vendor
CVE Published:
12 June 2018

What is CVE-2018-12247?

A vulnerability has been identified in mruby 1.4.1 that pertains to a NULL pointer dereference within the mrb_class function. This issue arises due to improper handling of certain cloning operations within mrb_obj_clone in kernel.c, specifically related to flag copying. As a result, essential flags such as MRB_FLAG_IS_FROZEN are not appropriately managed, potentially leading to unexpected behavior and application crashes. It is recommended for users to review their current implementations and apply necessary updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/mruby/mruby/issues/4036
x_refsource_MISC
https://github.com/mruby/mruby/commit/55edae0226409de25e5...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.