CVE-2018-14337

Name of the Vulnerable Software and Affected Versions mruby version 1.4.1

Description The issue concerns a signed integer overflow in the CHECK macro within the mrbgems/mruby-sprintf/src/sprintf.c file of mruby. This overflow could potentially lead to out-of-bounds memory access due to the mrb str resize function in string.c not checking for negative lengths.

Recommendations For mruby version 1.4.1, consider applying a patch or fix that addresses the signed integer overflow in the CHECK macro to prevent potential out-of-bounds memory access. As a temporary workaround, restrict the use of the mrb str resize function to minimize the risk of exploitation.