Tommaso Frassetto

**Name of the Vulnerable Software and Affected Versions** mruby version 1.4.1 **Description** A heap-based buffer over-read issue was found, associated with OP ENTER, due to the failure of mrbgems/mruby-fiber/src/fiber.c to extend the stack when handling many arguments to fiber. **Recommendations** For mruby version 1.4.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** mruby version 1.4.1 **Description** An issue was discovered in mruby. There is a NULL pointer dereference in `mrb class real` because `class BasicObject` is not properly supported in class.c. **Recommendations** For mruby version 1.4.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** mruby version 1.4.1 **Description** The issue is related to the init copy function in kernel.c, which makes initialize copy calls for TT ICLASS objects. This allows attackers to cause a denial of service, resulting in an uninitialized pointer and application crash, or possibly have other unspecified impacts. **Recommendations** For mruby version 1.4.1, consider disabling the init copy function in kernel.c as a temporary workaround until a patch is available. Restrict access to TT ICLASS objects to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: mruby versions prior to 1.4.1 Description: The issue is related to an integer overflow in the `mrb vm exec()` function when handling `OP GETUPVAR` in the presence of deep scope nesting, resulting in a use-after-free. This could allow an attacker who can cause Ruby code to be run to possibly execute arbitrary code. Recommendations: For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue.