{"id":"CVE-2018-12248","details":"An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.","modified":"2026-02-24T11:25:53.475987Z","published":"2018-06-12T14:29:00.400Z","references":[{"type":"ADVISORY","url":"https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b"},{"type":"ADVISORY","url":"https://github.com/mruby/mruby/issues/4038"},{"type":"REPORT","url":"https://github.com/mruby/mruby/issues/4038"},{"type":"FIX","url":"https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mruby/mruby","events":[{"introduced":"0"},{"fixed":"778500563a9f7ceba996937dc886bd8cde29b42b"}]}],"versions":["1.0.0","1.1.0","1.2.0","1.3.0","1.4.0","1.4.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12248.json","vanir_signatures":[{"digest":{"length":1425,"function_hash":"147070256114492561439229310213750951605"},"signature_version":"v1","source":"https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b","deprecated":false,"id":"CVE-2018-12248-57dd5406","signature_type":"Function","target":{"function":"fiber_switch","file":"mrbgems/mruby-fiber/src/fiber.c"}},{"digest":{"threshold":0.9,"line_hashes":["279665797800738958414960149610261648694","126518444906473700447655695037853586908","20559788607066877032068248299978847995","209494054320537949101552931986372205443","22221124249016034453580577284055838032","91268916105831621533622244742851572844","305217786895579078748468691908486590145","185034954096646194127965433998711624991","219336761342710677225899571521653541945","316249854355391370072921855180627731711","285233862504349142769183547588553601873","334994637967466365511739291662493057004","198558109256871638307795241135490981851","266147102060991913635262564430149535902","208405107013978956115196911008454797251","324396588618655799450191183593268507354","249383793064843333912001284948644464934","84710594130326809198579967604788435076","72526865657363877838250552687526864350","200848887334134031069234585636769649815","90524830406101585123909238316358164647","195322834296668541039780842188718179536","135770582455980523770569232759809025244","331320109063418657266139318525759669180","229755145831027627768656589443992544207","235856800093588102611269600381015740395"]},"signature_version":"v1","source":"https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b","deprecated":false,"id":"CVE-2018-12248-f67b30c9","signature_type":"Line","target":{"file":"mrbgems/mruby-fiber/src/fiber.c"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}