Tremor · CVE-2021-39228
**Name of the Vulnerable Software and Affected Versions**
Tremor versions 0.7.2 through 0.11.6
**Description**
The issue is a memory safety problem that occurs when `patch` or `merge` is applied to `state` and the result is assigned straight back to `state`. This allows access to already freed regions of memory, whose contents can then be sent over TCP or HTTP. The vulnerability requires the Tremor server to execute a tremor-script script that uses this language construct.
**Recommendations**
For versions 0.7.2 through 0.11.6, upgrade to version 0.11.6 or later, which removes the in-place optimization and always clones the target expression of a `merge` or `patch`.
If an upgrade is not possible, a possible workaround is to avoid the optimization by introducing a temporary variable and not immediately reassigning to `state`, for example:
```tremor
# Workaround: materialize the merged value in a temporary first, so the
# target of the merge (`state`) is never reassigned in the same expression.
let tmp = merge state of event end;
let state = tmp
```