If you have any security concern, contact matz@ruby.or.jp.
We consider the following issues as vulnerabilities:
- Remote code execution
- Crash caused by a valid Ruby script
We don't consider the following issues as vulnerabilities:
- Runtime C undefined behavior (including integer overflow)
- Crash caused by misused API
- Crash caused by modified compiled binary
- ASAN/Valgrind warning for too big memory allocation
mruby assumes
malloc(3)returnsNULLfor too big allocations