Candidate: CVE-2022-1286
PublicDate: 2022-04-10 11:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1286
 https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9
 https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/
Description:
 heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository
 mruby/mruby prior to 3.2. Possible arbitrary code execution if being
 exploited.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium 
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_mruby:
 upstream: https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9
upstream_mruby: pending (3.1.0) 
trusty_mruby: ignored (out of standard support)
trusty/esm_mruby: DNE
xenial_mruby: ignored (out of standard support, was needed)
bionic_mruby: needed
focal_mruby: needed
impish_mruby: needed
jammy_mruby: needed
devel_mruby: needed