Bugzilla – Bug 1198809
VUL-0: CVE-2022-1427: mruby: Out-of-bounds Read in mrb_obj_is_kind_of
Last modified: 2022-04-26 19:20:16 UTC
Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby
prior to 3.2.
Impact: Possible arbitrary code execution if being exploited.
- openSUSE:Factory/mruby 3.0.0
Could not reproduce, POC does not work for Factory.
Probably not affected (most reported CVEs are only affecting the git version):
> % mruby POC
> trace (most recent call last):
>  ./d.m:1
>  ./d.m:3:in initialize
> ./POC:3:in instance_exec: super called outside of method (NoMethodError)