PT-2018-12452 · Mruby · Mruby

Cornelius Aschermann

Published

2018-07-17

Updated

2022-05-12

CVE-2018-14337

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions mruby version 1.4.1

Description The issue concerns a signed integer overflow in the CHECK macro within the mrbgems/mruby-sprintf/src/sprintf.c file of mruby. This overflow could potentially lead to out-of-bounds memory access due to the mrb str resize function in string.c not checking for negative lengths.

Recommendations For mruby version 1.4.1, consider applying a patch or fix that addresses the signed integer overflow in the CHECK macro to prevent potential out-of-bounds memory access. As a temporary workaround, restrict the use of the mrb str resize function to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2018-14337

DLA-2996-1

Affected Products

Mruby

PT-2018-12452 · Mruby · Mruby

CVE-2018-14337

Weakness Enumeration

Related Identifiers

Affected Products

References · 26