CVE-2022-1427

Name

CVE-2022-1427

Description

Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
CONFIRM	https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301
MISC	https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:brew:mruby::::::ruby::*`	ruby-mruby	>= None	< 3.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
mruby	edge-community	3.1.0-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
mruby	3.22-community	3.1.0-r0	None	fixed
mruby	3.21-community	3.1.0-r0	None	fixed
mruby	3.20-community	3.1.0-r0	None	fixed
mruby	3.19-community	3.1.0-r0	None	fixed
mruby	3.18-community	3.1.0-r0	None	fixed
mruby	3.17-community	3.1.0-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed