Bugzilla – Bug 1197581
VUL-0: CVE-2022-1106: mruby: use after free in mrb_vm_exec
Last modified: 2022-04-26 19:27:09 UTC
CVE-2022-1106

use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1106
https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
http://www.cvedetails.com/cve/CVE-2022-1106/
https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
No version containing the fixing commit yet. openSUSE:Factory should be affected.
Version on Factory not affected, POC does not work. Probably only the git version is affected, not the 3.0 release (or fixed by other patch).

> % mruby POC
> trace (most recent call last):
> POC:1: undefined method 'cmp' (NoMethodError)