- ------------------------------------------------------------------------- Debian LTS Advisory DLA-2996-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 06, 2022 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : mruby Version : 1.2.0+20161228+git30d5424a-1+deb9u1 CVE ID : CVE-2017-9527 CVE-2018-10191 CVE-2018-11743 CVE-2018-12249 CVE-2018-14337 CVE-2020-15866 Multiple security issues were discovered in mruby, a lightweight implementation of the Ruby language CVE-2017-9527 heap-based use-after-free vulnerability allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rb file CVE-2018-10191 an integer overflow exists when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code CVE-2018-11743 uninitialized pointer which allows attackers to cause a denial of service or possibly have unspecified other impact. CVE-2018-12249 There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. CVE-2018-14337 a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length CVE-2020-15866 a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling For Debian 9 stretch, these problems have been fixed in version 1.2.0+20161228+git30d5424a-1+deb9u1. We recommend that you upgrade your mruby packages. For the detailed security status of mruby please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mruby Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS