- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2996-1                [email protected]
https://www.debian.org/lts/security/                          Abhijith PA
May 06, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mruby
Version        : 1.2.0+20161228+git30d5424a-1+deb9u1
CVE ID         : CVE-2017-9527 CVE-2018-10191 CVE-2018-11743 CVE-2018-12249 
                 CVE-2018-14337 CVE-2020-15866

Multiple security issues were discovered in mruby, a lightweight 
implementation of the Ruby language 


    heap-based use-after-free vulnerability allows attackers to cause 
    a denial of service or possibly have unspecified other impact via 
    a crafted .rb file


    an integer overflow exists when handling OP_GETUPVAR in the 
    presence of deep scope nesting, resulting in a use-after-free. An 
    attacker that can cause Ruby code to be run can use this to 
    possibly execute arbitrary code


    uninitialized pointer which allows attackers to cause a denial of 
    service or possibly have unspecified other impact.


    There is a NULL pointer dereference in mrb_class_real because 
    "class BasicObject" is not properly supported in class.c.


    a signed integer overflow, possibly leading to out-of-bounds 
    memory access because the mrb_str_resize function in string.c does 
    not check for a negative length


    a heap-based buffer overflow in the mrb_yield_with_class function 
    in vm.c because of incorrect VM stack handling

For Debian 9 stretch, these problems have been fixed in version

We recommend that you upgrade your mruby packages.

For the detailed security status of mruby please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS