Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
An out-of-bounds read can occur here, due to a missing bounds check:
mruby/mrbgems/mruby-time/src/time.c
Lines 133 to 134 in 158a6ab
This can allow memory disclosure:
50.times { |i| puts Time.gm(1972, 12 + i + 1).to_i - Time.gm(1972, 12 + i).to_i }
or a crash:
Time.gm(1972, 0x100000)
MRI disallows months greater than 12, raising ArgumentError: argument out of range.
ArgumentError: argument out of range
This issue was reported by https://hackerone.com/volc
The text was updated successfully, but these errors were encountered:
c4491e4
No branches or pull requests
An out-of-bounds read can occur here, due to a missing bounds check:
mruby/mrbgems/mruby-time/src/time.c
Lines 133 to 134 in 158a6ab
This can allow memory disclosure:
or a crash:
MRI disallows months greater than 12, raising
ArgumentError: argument out of range.This issue was reported by https://hackerone.com/volc
The text was updated successfully, but these errors were encountered: