Fortinet Discovers Mruby Heap Use-After-Free Vulnerability
Fortinet's FortiGuard Labs has discovered a heap Use-After-Free vulnerability in Mruby.
Mruby is an interpreter for the Ruby programming language with the intention of being lightweight and easily embeddable. The project is headed by Yukihiro Matsumoto, with over 100 contributors currently working on the project.
A heap Use-After-Free vulnerability exists in Mruby. A successful exploit of this vulnerability will cause memory corruption and lead to DoS. Under some conditions, remote code execution is also possible.
Users should apply the solution provided by Mruby.
Fortinet reported the vulnerability to Mruby on February 22, 2017.
Mruby patched the vulnerability on April 9, 2017.
This vulnerability was discovered by Tien Phan of Fortinet's FortiGuard Labs.