Vulnerability Description
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mruby | Mruby | <= 1.2.0 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99Issue TrackingPatchThird Party Advisory
- https://github.com/mruby/mruby/issues/3486ExploitIssue TrackingPatch
- https://lists.debian.org/debian-lts-announce/2022/05/msg00006.htmlMailing ListThird Party Advisory
- https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99Issue TrackingPatchThird Party Advisory
- https://github.com/mruby/mruby/issues/3486ExploitIssue TrackingPatch
- https://lists.debian.org/debian-lts-announce/2022/05/msg00006.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2017-9527?
CVE-2017-9527 is a vulnerability with a CVSS score of 7.8 (HIGH). The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact...
How severe is CVE-2017-9527?
CVE-2017-9527 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9527?
Check the references section above for vendor advisories and patch information. Affected products include: Mruby Mruby, Debian Debian Linux.