CVE-2020-6840 - In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.

CVE-2020-6840

Summary

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.

References

Vulnerable Configurations

cpe:2.3:a:mruby:mruby:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mruby:mruby:2.1.0:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

https://github.com/mruby/mruby/issues/4927

Last major update

13-01-2020 - 19:59

Published

11-01-2020 - 03:15

Last modified

13-01-2020 - 19:59