CVE-2020-36401 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2116	mruby	2.1.2-1	3.0.0-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
01 Jul 2021	ASA-202107-10	AVG-2116	mruby	Medium	arbitrary code execution

References
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801 https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503

References

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503