Signed Integer Overflow in mruby Affects Memory Handling
CVE-2018-14337

7.5HIGH

Key Information:

Vendor

Mruby

Status
Mruby
Vendor
CVE Published:
17 July 2018

What is CVE-2018-14337?

The CHECK macro in mruby 1.4.1 is susceptible to a signed integer overflow, which can lead to out-of-bounds memory access. This occurs due to the lack of validation in the mrb_str_resize function within string.c when handling negative length parameters. This issue poses a significant risk as it allows attackers to potentially manipulate memory allocation, leading to erratic application behavior or other security exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/mruby/mruby/issues/4062
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022/05/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.