| 1 |
Struct type confusion RCE |
$18000.0 |
| 2 |
Crash: Initialize Decimal with itself triggers an assertion |
$10000.0 |
| 3 |
Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop |
$10000.0 |
| 4 |
Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference |
$10000.0 |
| 5 |
Range constructor type confusion DoS |
$10000.0 |
| 6 |
Range#initialize_copy null pointer dereference |
$10000.0 |
| 7 |
Null pointer derefence due to bug in codegen with negation without using value |
$10000.0 |
| 8 |
Buffer overflow in mrb_time_asctime |
$10000.0 |
| 9 |
Broken handling of maximum number of method call arguments leads to segfault |
$10000.0 |
| 10 |
Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox |
$10000.0 |
| 11 |
Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory |
$10000.0 |
| 12 |
Certain inputs cause tight C-level recursion leading to process stack overflow |
$10000.0 |
| 13 |
Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash |
$8000.0 |
| 14 |
mruby-time: Crash host with uninitialized Time obj |
$8000.0 |
| 15 |
Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum |
$8000.0 |
| 16 |
Null target_class DoS |
$8000.0 |
| 17 |
Undefined method_missing null pointer dereference |
$8000.0 |
| 18 |
Denial of service due to invalid memory access in mrb_ary_concat |
$8000.0 |
| 19 |
Segmentation fault due to bad memory access in kh_get_mt |
$8000.0 |
| 20 |
Denial of Service in mruby due to null pointer dereference |
$8000.0 |
| 21 |
ruby DoS https://www.mruby.science |
$8000.0 |
| 22 |
Segmentation fault when a Ruby method is invoked by a C method via Object#send |
$8000.0 |
| 23 |
Recursion causing uninitialized memory reads leading to a segfault |
$2000.0 |
| 24 |
Crash: A call to Symbol.new leads to a crash when inspecting the resulting object |
$1000.0 |
| 25 |
Null pointer dereference regression in parse.y |
$1000.0 |
| 26 |
Segfault when passing invalid values to values_at |
$1000.0 |
| 27 |
Read after free in mrb_vm_exec with OP_ARYCAT reading R(B) |
$1000.0 |
| 28 |
Invalid memory write caused by incorrect upper bound in array_copy |
$1000.0 |
| 29 |
Incorrect code generation when result of NODE_NEGATE is not used |
$1000.0 |
| 30 |
Memory disclosure in timegm |
$1000.0 |
| 31 |
Segmentation fault while printing backtrace |
$1000.0 |
| 32 |
Invalid read in str_replace_partial |
$1000.0 |
| 33 |
Buffer overflow in yywarning_s |
$1000.0 |
| 34 |
NULL pointer dereference in mrb_check_frozen |
$1000.0 |
| 35 |
Heap Overflow in mrb_arb_splice |
$800.0 |
| 36 |
Use After Free in str_replace |
$800.0 |
| 37 |
Heap overflow due to off-by-one when expanding stack |
$800.0 |
| 38 |
Null pointer dereference in mrb_str_prepend |
$800.0 |
| 39 |
Still heap overflow in mrb_ary_splice |
$800.0 |
| 40 |
Heap Buffer overflow in mrb_funcall_with_block |
$800.0 |
| 41 |
Heap buffer oveflow with many arguments |
$800.0 |
| 42 |
Use After Free in mrb_vm_exec |
$800.0 |
| 43 |
Heap Buffer overflow in mrb_ary_unshift |
$800.0 |
| 44 |
Heap buffer overflow with long array assignment |
$800.0 |
| 45 |
Null pointer dereference in mrb_class |
$800.0 |
| 46 |
Null pointer dereference in mark_context_stack |
$800.0 |
| 47 |
Use-after-free leading to an invalid pointer dereference |
$800.0 |
| 48 |
Invalid Pointer Reference from OP_RESCUE |
$800.0 |
| 49 |
Null pointer dereference in 'get_file' |
$800.0 |
| 50 |
Heap Buffer Overflow while processing OP_SEND |
$800.0 |
| 51 |
SIGSEGV in array_copy - array.c:71 |
$800.0 |
| 52 |
kh_put_iv SEGFAULT - mruby 1.2.0 |
$800.0 |
| 53 |
Null pointer dereference in ary_concat |
$800.0 |
| 54 |
Null pointer dereference in mrb_class |
$800.0 |
| 55 |
Null pointer dereference in OP_ENTER |
$800.0 |
| 56 |
Invalid pointer dereference in OP_ENTER |
$800.0 |
| 57 |
Null pointer dereferences from mrb_vm_exec |
$800.0 |
| 58 |
Heap Buffer Overflow in mrb_hash_keys |
$800.0 |
| 59 |
Null pointer dereferences in mrb_get_args |
$800.0 |
| 60 |
Null pointer dereferences in ary_concat |
$800.0 |
| 61 |
Null pointer dereferences in kh_copy_mt |
$800.0 |
| 62 |
heap-use-after-free in mrb_vm_exec - vm.c:1247 |
$800.0 |
| 63 |
Null pointer dereference with send/method_missing |
$800.0 |
| 64 |
Use after free in mruby-mpdecimal |
$800.0 |
| 65 |
Invalid read leading to a segfault |
$800.0 |
| 66 |
Crash in mrb_ary_push |
$800.0 |
| 67 |
Garbage collector crash |
$300.0 |
| 68 |
Heap use-after-free during range creation |
$200.0 |
| 69 |
Double free of filename after codegen error |
$200.0 |
| 70 |
Invalid memory access in mrb_str_format |
$100.0 |
| 71 |
Integer Overflow in mrb_ary_set |
$100.0 |
| 72 |
Crash in print_backtrace |
$100.0 |
| 73 |
Null pointer dereference in mrb_random_initialize |
$100.0 |
| 74 |
heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c |
$100.0 |
| 75 |
Segmentfault at mrb_vm_exec |
$100.0 |
| 76 |
Incorrect code generation with redo inside NODE_RESCUE. |
$100.0 |
| 77 |
Interger overflow in str_substr leading to read/write out of bound memory |
$100.0 |
| 78 |
Memory corrouption in mrb_gc_mark |
$100.0 |
| 79 |
SIGABRT in sym_validate_len - symbol.c:44 |
$100.0 |
| 80 |
heap use after free in fiber_switch |
$100.0 |
| 81 |
Invalid Pointer reference in L_RESCUE |
$100.0 |
| 82 |
Use after free vulnerability in mruby Array#to_h causing DOS possible RCE |
$0.0 |
| 83 |
Exception cause SIGABRT |
$0.0 |
| 84 |
Type confusion in mrb_exc_set leading to memory corruption |
$0.0 |
| 85 |
Memory disclosure in mruby String#lines method |
$0.0 |
| 86 |
TOCTTOU bug in mrb_str_setbyte leading the memory corruption |
$0.0 |
| 87 |
SIGSEGV on mruby's mark_tbl() (Invalid memory access) |
$0.0 |
| 88 |
SIGSEGV on mruby mrb_str_modify() (Invalid memory access) |
$0.0 |
| 89 |
SIGSEV on mrb_ary_splice |
$0.0 |
| 90 |
SIGSEGV when invalid argument on remove_method |
$0.0 |
| 91 |
NULL pointer dereference when parsing ternary operators |
$0.0 |
| 92 |
Segmentation fault due to invalid memory access in codegen when using break with the 127th argument a constant |
$0.0 |
| 93 |
Null pointer dereference due to bug in codegen with negation of floats |
$0.0 |
| 94 |
Null pointer dereference in mrb_str_concat |
$0.0 |
| 95 |
Invalid memory access while freeing memory, caused by invalid type passed to mrb_ary_unshift |
$0.0 |
| 96 |
Null pointer dereference in ary_concat |
$0.0 |
| 97 |
Deleting Key-value pair from Frozen HASH or Clearing a Frozen HASH |
$0.0 |
| 98 |
Null pointer dereference due to TOCTTOU bug in mrb_time_initialize |
$0.0 |
| 99 |
Type confusion in wrap_decimal leading to memory corruption |
$0.0 |
| 100 |
Segmentation fault on program counter |
$0.0 |
| 101 |
SIGABRT - mrb_default_allocf |
$0.0 |
| 102 |
mrb_str_modify try to write to memory not marked for writing |
$0.0 |
| 103 |
attempting double-free using the mruby compiler mrbc |
$0.0 |
| 104 |
Null pointer dereference in mrb_str_modify |
$0.0 |
| 105 |
mrb_vformat() heap overflow could lead to code execution |
$0.0 |
| 106 |
heap-buffer-overflow on mruby |
$0.0 |
| 107 |
SIGSEGV on mruby mrb_get_args() |
$0.0 |
| 108 |
SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI |
$0.0 |
| 109 |
SIGSEGV Null Pointer mrb_str_concat() |
$0.0 |
| 110 |
Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval |
$0.0 |
| 111 |
Denial of service (segfault) due to null pointer dereference in mrb_vm_exec |
$0.0 |
| 112 |
A crash when an exception is caught in a caller and the receiver returned from ensure |
$0.0 |
| 113 |
segafult in mruby's sprintf - mrb_str_format |
$0.0 |
| 114 |
SIGSEGV in mrb_vm_exec |
$0.0 |
| 115 |
DoS: type confusion in mrb_no_method_error |
$0.0 |
| 116 |
SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf() |
$0.0 |
| 117 |
SIGSEGV on mrb_vm_exec() Null Deref |
$0.0 |
| 118 |
SIGSEGV - mrb_check_intern_str() - NullPointer |
$0.0 |
| 119 |
SIGSEGV - mrb_vm_exec - vm.c in line:1272 |
$0.0 |
| 120 |
SIGSEGV - mrb_vm_exec - line:1681 |
$0.0 |
| 121 |
Aborted - proc.c - line:143 |
$0.0 |
| 122 |
kh_get_n2s() stack overrun |
$0.0 |
| 123 |
Segmentation fault - mrb_gc_mark |
$0.0 |
| 124 |
SIGSEGV - kh_resize_iv - Null Deref |
$0.0 |
| 125 |
SIGSEGV - mrb_obj_extend - line:413 |
$0.0 |
| 126 |
Controlled address leak due to type confusion - ASLR bypass |
$0.0 |
| 127 |
sprintf gem - format string combined attack |
$0.0 |
| 128 |
SIGSEGV - mrb_vm_exec - line:1312 |
$0.0 |
| 129 |
SIGABRT - mrb_realloc_simple - gc.c - line:201 |
$0.0 |
| 130 |
forgot to add the patch |
$0.0 |
| 131 |
SIGABRT - method_missing - mark_context_stack |
$0.0 |
| 132 |
SIGSEGV - vm.c - line:1214 |
$0.0 |
| 133 |
Heap use-after-free in mrb_vm_exec |
$0.0 |
| 134 |
mrb_vm_exec - null ptr dereference |
$0.0 |
| 135 |
SIGSEGV - mrb_yield_with_class |
$0.0 |
| 136 |
Heap buffer overflow in mruby value_move |
$0.0 |
| 137 |
SIGSEGV - mrb_obj_value |
$0.0 |
| 138 |
mruby heap use-after-free |
$0.0 |
| 139 |
SIGSEGV in str_buf_cat |
$0.0 |
| 140 |
SIGABRT in only mirb |
$0.0 |
| 141 |
SIGSEGV - kh_get_n2s - in /src/symbol.c:37 |
$0.0 |
| 142 |
mirb only: stack-buffer-overflow (OOB write) in main() |
$0.0 |
| 143 |
heap-buffer-overflow (read outside of buffer) in mrb_vm_exec() |
$0.0 |
| 144 |
SIGSEGV in mrb_vm_exec |
$0.0 |
| 145 |
SIGSEGV in mrb_str_inum |
$0.0 |
| 146 |
SIGABRT - in free |
$0.0 |
| 147 |
Crash in ary_concat() |
$0.0 |
| 148 |
heap use-after-free in mrb_vm_exec() |
$0.0 |
| 149 |
SIGABRT in mrb_debug_info_append_file |
$0.0 |
| 150 |
SIGSEGV in mrb_class |
$0.0 |
| 151 |
SIGSEGV in mrb_vm_exec |
$0.0 |
| 152 |
SIGABRT - mirb - Double Free |
$0.0 |
| 153 |
SIGABRT - mirb and mruby |
$0.0 |
| 154 |
SIGSEGV - mark_context_stack |
$0.0 |
| 155 |
OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write |
$0.0 |
| 156 |
Heap Overflow in fiber_switch triggered from Fiber.transfer |
$0.0 |
| 157 |
Clearing , Shifting and Pop Value from Frozen Array |
$0.0 |
| 158 |
mruby heredoc notation |
$0.0 |
| 159 |
heap-use-after-free in OP_RESCUE |
$0.0 |
| 160 |
heap-buffer-overflow in OP_R_BREAK |
$0.0 |
| 161 |
SEGV on ary_concat |
$0.0 |