Heap-based Buffer Over-read in mruby 1.4.1 due to OP_ENTER vulnerability

CVE-2018-12248 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack when many arguments are passed to a fiber.
