CVE-2022-0080
02.01.2022, 12:15
mruby is vulnerable to Heap-based Buffer Overflow

Enginsight

Provider    Type   Base Score     Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST        NIST   9.8 CRITICAL   NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntrdev   CNA    8.2 HIGH       NETWORK       LOW               NONE             CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE         ADP    ------
CISA-ADP    ADP    8.2 HIGH       NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score
Percentile: 50%

Vendor   Product   Version
mruby    mruby     𝑥 ≤ 3.0.0

𝑥 = Vulnerable software versions

Debian Releases
Debian Product: mruby

Codename
bullseye   no-dsa
buster     no-dsa
stretch    no-dsa
bookworm   3.1.0-3   fixed
sid        3.3.0-1   fixed
trixie     3.3.0-1   fixed

Ubuntu Releases
Ubuntu Product: mruby

Codename
noble     needs-triage
mantic    ignored
lunar     ignored
kinetic   ignored
jammy     needs-triage
impish    ignored
hirsute   ignored
focal     needs-triage
bionic    needs-triage
xenial    needs-triage
trusty    ignored

Known Exploits!
https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e

Common Weakness Enumeration
CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References
https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6
https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e