Heap-based Use-After-Free Vulnerability in mark_context_stack function in mruby

CVE-2017-9527 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

Learn more about our Web Application Penetration Testing UK.