CVE-2020-36401 - mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).

CVE-2020-36401

Summary

mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).

References

Vulnerable Configurations

cpe:2.3:a:mruby:mruby:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mruby:mruby:2.1.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

Last major update

06-07-2021 - 21:11

Published

01-07-2021 - 03:15

Last modified

06-07-2021 - 21:11