CVE-2018-10191 Information

Description

In versions of mruby up to and including 1.4.0 an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626 https://github.com/mruby/mruby/issues/3995

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8