Fluid Attacks Database

Description

An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	mruby	=2.1.2-3 \|\| =3.0.0-1 \|\| =3.0.0-2 \|\| =3.0.0-3 \|\| =3.0.0-4 \|\| =3.1.0-1 \|\| =3.1.0-2 \|\| =3.1.0-3 \|\| =3.2.0-1 \|\| =3.2.0-2 \|\| =3.3.0-1 \|\| =3.3.0~rc2-1 \|\| =3.4.0-1 \|\| =3.4.0-1~exp1 \|\| =3.4.0-1~exp2 \|\| =3.4.0-2	-
debian 12	mruby	>=0 <3.1.0-1	3.1.0-1
debian 13	mruby	>=0 <3.1.0-1	3.1.0-1
debian 14	mruby	>=0 <3.1.0-1	3.1.0-1

Aliases

1. CVE-2021-460232. NVD-2021-460233. OSV-DEBIAN-2021-460234. OSV-2021-460235. SECURITY-TRACKER-CVE-2021-46023

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.