DoS: type confusion in mrb_no_method_error

Disclosed: 2017-03-01 21:25:22 By raydot To shopify-scripts

Critical

Vulnerability Details

Overwriting the 'new' method of the NoMethodError singleton to not return an exception object leads to memory corruption and possibly arbitrary code execution. Running the following code under the mruny-engine sandbox script results in a native crash: NoMethodError.define_singleton_method(:new) do "waat" end Object.q Attached is a patch to mitigate the issue.

Actions

View on HackerOne

Report Stats

Report ID: 181871
State: Closed
Substate: resolved
Upvotes: 60

DoS: type confusion in mrb_no_method_error

Vulnerability Details

Actions

Report Stats

Share this report