CVE-2022-1286

Name: CVE-2022-1286
Description: Heap buffer overflow in mrb_vm_exec in the GitHub repository mruby/mruby prior to 3.2. Arbitrary code execution is possible if exploited.
NVD Severity: high

References

Type URI
CONFIRM https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189
MISC https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9

Match rules

CPE URI                                Source package  Min version  Max version
cpe:2.3:a:mruby:mruby:*:*:*:*:*:*:*:*  mruby           >= None      < 3.2

Vulnerable and fixed packages

Source package  Branch          Version   Maintainer                        Status
mruby           3.15-community  3.0.0-r1  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
mruby           edge-community  3.1.0-r0  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
mruby           3.16-community  3.1.0-r0  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable
mruby           3.17-community  3.1.0-r0  Jakub Jirutka <jakub@jirutka.cz>  possibly vulnerable