CVE-2018-10199

Published: Apr 18, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/mruby/mruby/commit/b51b21fc63c9805862322551387d9036f2b63433

x_refsource_CONFIRM

https://github.com/mruby/mruby/issues/4001

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-10199

Description

Affected Products

References