Candidate: CVE-2017-9527
PublicDate: 2017-06-11 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9527
Description:
 The mark_context_stack function in gc.c in mruby through 1.2.0 allows
 attackers to cause a denial of service (heap-based use-after-free and
 application crash) or possibly have unspecified other impact via a crafted
 .rb file.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/mruby/mruby/issues/3486
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_mruby:
 upstream: https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
upstream_mruby: released (1.2.0+20170601+git5e0e690-1, 1.3.0-1)
precise/esm_mruby: DNE
trusty_mruby: ignored (reached end-of-life)
trusty/esm_mruby: DNE (trusty was needs-triage)
vivid/stable-phone-overlay_mruby: DNE
vivid/ubuntu-core_mruby: DNE
xenial_mruby: not-affected (code not present)
yakkety_mruby: ignored (reached end-of-life)
zesty_mruby: ignored (reached end-of-life)
artful_mruby: ignored (reached end-of-life)
bionic_mruby: not-affected (1.4.0-1)
cosmic_mruby: not-affected (1.4.0-1)
disco_mruby: not-affected (1.4.0-1)
devel_mruby: not-affected (1.4.0-1)