CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Out-of-bounds Read in Homebrew mruby prior to 3.2.

Permalink

Browse files

vm.c: should check type before hash access.

Since the operand of double splat (\`\*\*\`) may not be a hash, simple
assertion (previous code since d42a64e) was not enough for this case.

*   Loading branch information

![@matz](https://avatars.githubusercontent.com/u/30733?s=40&v=4)

matz committed

Feb 15, 2022

1 parent ecb28f4 commit ff3a5ebed6ffbe3e70481531cfb969b497aa73ad

Showing with **1 addition** and **1 deletion**.

1.  +1 −1 src/vm.c

@@ -2766,7 +2766,7 @@ mrb\_vm\_exec(mrb\_state \*mrb, const struct RProc \*proc, const mrb\_code \*pc)

int lim = a+b\*2+1;

  

hash = regs\[a\];

mrb\_assert(mrb\_hash\_p(hash));

mrb\_ensure\_hash\_type(mrb, hash);

for (i=a+1; i<lim; i+=2) {

mrb\_hash\_set(mrb, hash, regs\[i\], regs\[i+1\]);

}

**0 comments on commit `ff3a5eb`**

Please sign in to comment.

Headline

CVE-2022-0630: vm.c: should check type before hash access. · mruby/mruby@ff3a5eb

CVE: Latest News