Bug 1196230 – VUL-1: CVE-2022-0632: mruby: NULL Pointer Dereference

Bug 1196230 - (CVE-2022-0632) VUL-1: CVE-2022-0632: mruby: NULL Pointer Dereference

(CVE-2022-0632)
Summary:	VUL-1: CVE-2022-0632: mruby: NULL Pointer Dereference

Status:	RESOLVED INVALID

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.4
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor (vote)
Target Milestone:	---
Assigned To:	Ferdinand Thiessen
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/324379/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-02-21 09:32 UTC by Robert Frohl
Modified:	2022-02-21 12:31 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2022-02-21 09:32:11 UTC

CVE-2022-0632

NULL Pointer Dereference in Homebrew mruby prior to 3.2.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0632
https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d
http://www.cvedetails.com/cve/CVE-2022-0632/
https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b

Comment 1 Robert Frohl 2022-02-21 09:33:39 UTC

relevant for openSUSE:Factory

Comment 2 Ferdinand Thiessen 2022-02-21 12:31:15 UTC

3.0.0 release used on Factory is not affected:

> % echo -ne 'R0M6OmNsYXNzLm5ld3tzdXBlciBzdXBlciBzdXBlcigmKQpiPTAsKuk9MH0=' | base64 -d > poc
> % mruby poc
>   poc:1:34: syntax error, unexpected ')'