CVE-2022-1212: Use-After-Free in str_escape in mruby/mruby in mruby/mruby
First published: Tue Apr 05 2022(Updated: )
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mruby Mruby | <=3.0.0 | |
| Mruby Mruby | =3.1.0-rc | |
| Mruby Mruby | =3.1.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-1212.
What is the severity of CVE-2022-1212?
CVE-2022-1212 has a severity rating of 9.8 (critical).
What software versions are affected by CVE-2022-1212?
CVE-2022-1212 affects mruby/mruby versions prior to 3.2.
Is arbitrary code execution possible with CVE-2022-1212?
Yes, arbitrary code execution is possible if CVE-2022-1212 is exploited.
How do I fix CVE-2022-1212?
To fix CVE-2022-1212, update mruby/mruby to version 3.2 or above.
- collector/nvd-index
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mruby
- canonical/mruby mruby
- version/mruby mruby/3.0.0
- version/mruby mruby/3.1.0-rc
- version/mruby mruby/3.1.0-rc2