CVE-2022-1201

MEDIUM
Published Apr 2, 20224y ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Apr 2, 2022 4y ago
Last Modified Jun 17, 2026 2w ago

Description

NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.

CVSS Details

Base Score
6.5
Exploitability
2.0
Impact
4.0
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality None
Integrity None
Availability High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 1

VendorProductVersionRange
mrubymruby* <3.2

References 2

  • github.com https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae
    PatchThird Party Advisory
  • huntr.dev https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae
    PatchThird Party Advisory