| SEGV on ary_concat |
Memory Corruption - Generic |
ahihi |
No rating |
2018-01-17 |
| heap-buffer-overflow in OP_R_BREAK |
Heap Overflow |
ahihi |
None |
2018-01-17 |
| heap-use-after-free in OP_RESCUE |
Use After Free |
ahihi |
No rating |
2018-01-17 |
| mruby heredoc notation |
Denial of Service |
j0s3 |
No rating |
2018-01-11 |
| Invalid read leading to a segfault |
Out-of-bounds Read |
dgaletic |
Low |
2017-12-28 |
| Clearing , Shifting and Pop Value from Frozen Array |
Violation of Secure Design Principles |
an0n-j |
None |
2017-08-30 |
| Use after free in mruby-mpdecimal |
Use After Free |
haquaman |
No rating |
2017-07-06 |
| Null pointer dereference with send/method_missing |
NULL Pointer Dereference |
titanous |
No rating |
2017-06-23 |
| Invalid Pointer reference in L_RESCUE |
Denial of Service |
locator |
No rating |
2017-06-02 |
| Heap Overflow in fiber_switch triggered from Fiber.transfer |
Heap Overflow |
avisaven |
High |
2017-05-30 |
| OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write |
Write-what-where Condition |
avisaven |
Critical |
2017-05-30 |
| heap-use-after-free in mrb_vm_exec - vm.c:1247 |
Memory Corruption - Generic |
ilsani |
Medium |
2017-05-21 |
| SIGSEGV - mark_context_stack |
Memory Corruption - Generic |
ston3 |
No rating |
2017-05-13 |
| SIGABRT - mirb and mruby |
Memory Corruption - Generic |
ston3 |
No rating |
2017-05-13 |
| SIGABRT - mirb - Double Free |
Double Free |
ston3 |
No rating |
2017-05-13 |
| SIGSEGV in mrb_vm_exec |
NULL Pointer Dereference |
ston3 |
No rating |
2017-05-13 |
| SIGSEGV in mrb_class |
NULL Pointer Dereference |
ston3 |
No rating |
2017-05-13 |
| SIGABRT in mrb_debug_info_append_file |
Memory Corruption - Generic |
ston3 |
No rating |
2017-05-13 |
| heap use-after-free in mrb_vm_exec() |
None supplied |
mg36 |
No rating |
2017-05-13 |
| Crash in ary_concat() |
None supplied |
mg36 |
No rating |
2017-05-13 |
| SIGABRT - in free |
Memory Corruption - Generic |
ston3 |
No rating |
2017-05-13 |
| SIGSEGV in mrb_str_inum |
NULL Pointer Dereference |
ston3 |
No rating |
2017-05-13 |
| SIGSEGV in mrb_vm_exec |
NULL Pointer Dereference |
ston3 |
No rating |
2017-05-13 |
| heap-buffer-overflow (read outside of buffer) in mrb_vm_exec() |
Heap Overflow |
geeknik |
High |
2017-05-09 |
| mirb only: stack-buffer-overflow (OOB write) in main() |
Stack Overflow |
geeknik |
High |
2017-05-09 |
| Null pointer dereferences in kh_copy_mt |
None supplied |
locator |
No rating |
2017-05-07 |
| heap use after free in fiber_switch |
None supplied |
locator |
No rating |
2017-05-07 |
| Null pointer dereferences in ary_concat |
Denial of Service |
locator |
No rating |
2017-05-04 |
| Null pointer dereferences in mrb_get_args |
Denial of Service |
locator |
No rating |
2017-05-03 |
| Heap Buffer Overflow in mrb_hash_keys |
Denial of Service |
locator |
No rating |
2017-05-03 |
| SIGABRT in sym_validate_len - symbol.c:44 |
Memory Corruption - Generic |
ilsani |
Medium |
2017-05-03 |
| SIGSEGV - kh_get_n2s - in /src/symbol.c:37 |
Denial of Service |
mia_ |
Low |
2017-04-27 |
| SIGABRT in only mirb |
Memory Corruption - Generic |
ston3 |
No rating |
2017-04-27 |
| SIGSEGV in str_buf_cat |
Memory Corruption - Generic |
ston3 |
No rating |
2017-04-27 |
| mruby heap use-after-free |
Memory Corruption - Generic |
mg36 |
No rating |
2017-04-27 |
| SIGSEGV - mrb_obj_value |
Denial of Service |
icanthack |
Medium |
2017-04-19 |
| Memory corrouption in mrb_gc_mark |
Memory Corruption - Generic |
minhrau |
High |
2017-04-17 |
| Null pointer dereferences from mrb_vm_exec |
Denial of Service |
locator |
No rating |
2017-04-16 |
| Invalid pointer dereference in OP_ENTER |
Denial of Service |
dgaletic |
Low |
2017-04-15 |
| Null pointer dereference in OP_ENTER |
NULL Pointer Dereference |
dgaletic |
Low |
2017-04-15 |
| Null pointer dereference in mrb_class |
NULL Pointer Dereference |
dgaletic |
Low |
2017-04-15 |
| Garbage collector crash |
Denial of Service |
dgaletic |
Low |
2017-04-15 |
| Null pointer dereference in ary_concat |
NULL Pointer Dereference |
dgaletic |
Low |
2017-04-15 |
| kh_put_iv SEGFAULT - mruby 1.2.0 |
Memory Corruption - Generic |
ilsani |
Medium |
2017-04-14 |
| SIGSEGV in array_copy - array.c:71 |
Memory Corruption - Generic |
ilsani |
Medium |
2017-04-14 |
| Heap buffer overflow in mruby value_move |
Memory Corruption - Generic |
sukhoi |
Medium |
2017-04-13 |
| SIGSEGV - mrb_yield_with_class |
Violation of Secure Design Principles |
icanthack |
Medium |
2017-04-13 |
| mrb_vm_exec - null ptr dereference |
Denial of Service |
icanthack |
Medium |
2017-04-13 |
| Heap use-after-free in mrb_vm_exec |
Memory Corruption - Generic |
mg36 |
No rating |
2017-04-13 |
| Segmentation fault when a Ruby method is invoked by a C method via Object#send |
Denial of Service |
charliesome |
High |
2017-04-13 |
| Heap Buffer Overflow while processing OP_SEND |
Denial of Service |
locator |
No rating |
2017-04-04 |
| Null pointer dereference in 'get_file' |
Denial of Service |
locator |
No rating |
2017-04-04 |
| Invalid Pointer Reference from OP_RESCUE |
Denial of Service |
locator |
No rating |
2017-04-04 |
| Use-after-free leading to an invalid pointer dereference |
Denial of Service |
dgaletic |
Low |
2017-04-02 |
| SIGSEGV - vm.c - line:1214 |
Denial of Service |
ston3 |
No rating |
2017-03-30 |
| SIGABRT - method_missing - mark_context_stack |
Memory Corruption - Generic |
ston3 |
No rating |
2017-03-30 |
| forgot to add the patch |
Memory Corruption - Generic |
soreks |
No rating |
2017-03-30 |
| SIGABRT - mrb_realloc_simple - gc.c - line:201 |
Memory Corruption - Generic |
ston3 |
No rating |
2017-03-30 |
| SIGSEGV - mrb_vm_exec - line:1312 |
Denial of Service |
ston3 |
No rating |
2017-03-30 |
| Interger overflow in str_substr leading to read/write out of bound memory |
Denial of Service |
lunichi |
High |
2017-03-15 |
| Certain inputs cause tight C-level recursion leading to process stack overflow |
Memory Corruption - Generic |
dkasak |
High |
2017-03-14 |
| sprintf gem - format string combined attack |
None supplied |
aerodudrizzt |
None |
2017-03-14 |
| Controlled address leak due to type confusion - ASLR bypass |
Information Disclosure |
aerodudrizzt |
Medium |
2017-03-14 |
| Null pointer dereference in mark_context_stack |
Denial of Service |
dgaletic |
Low |
2017-03-14 |
| Null pointer dereference in mrb_class |
Denial of Service |
dgaletic |
Low |
2017-03-14 |
| Segmentation fault while printing backtrace |
Denial of Service |
dgaletic |
Low |
2017-03-14 |
| Heap buffer overflow with long array assignment |
Denial of Service |
titanous |
No rating |
2017-03-14 |
| SIGSEGV - mrb_obj_extend - line:413 |
Denial of Service |
ston3 |
No rating |
2017-03-09 |
| SIGSEGV - kh_resize_iv - Null Deref |
Denial of Service |
ston3 |
Low |
2017-03-09 |
| Segmentation fault - mrb_gc_mark |
Denial of Service |
alanbugz |
High |
2017-03-09 |
| kh_get_n2s() stack overrun |
Memory Corruption - Generic |
mg36 |
Low |
2017-03-09 |
| Aborted - proc.c - line:143 |
Denial of Service |
ston3 |
No rating |
2017-03-09 |
| SIGSEGV - mrb_vm_exec - line:1681 |
Denial of Service |
ston3 |
No rating |
2017-03-09 |
| SIGSEGV - mrb_vm_exec - vm.c in line:1272 |
Denial of Service |
ston3 |
Low |
2017-03-09 |
| SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf() |
Denial of Service |
ston3 |
No rating |
2017-03-01 |
| DoS: type confusion in mrb_no_method_error |
Denial of Service |
raydot |
Critical |
2017-03-01 |
| SIGSEGV in mrb_vm_exec |
Memory Corruption - Generic |
ston3 |
No rating |
2017-03-01 |
| Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory |
Memory Corruption - Generic |
brakhane |
High |
2017-03-01 |
| SIGSEGV - mrb_check_intern_str() - NullPointer |
Denial of Service |
ston3 |
Low |
2017-03-01 |
| SIGSEGV on mrb_vm_exec() Null Deref |
Denial of Service |
ston3 |
Low |
2017-03-01 |
| segafult in mruby's sprintf - mrb_str_format |
Denial of Service |
aerodudrizzt |
Medium |
2017-02-28 |
| Heap Buffer overflow in mrb_ary_unshift |
Denial of Service |
locator |
No rating |
2017-02-28 |
| Use After Free in mrb_vm_exec |
Denial of Service |
locator |
No rating |
2017-02-28 |
| Incorrect code generation with redo inside NODE_RESCUE. |
Denial of Service |
dgaletic |
Low |
2017-02-28 |
| Recursion causing uninitialized memory reads leading to a segfault |
Memory Corruption - Generic |
dgaletic |
Low |
2017-02-28 |
| A crash when an exception is caught in a caller and the receiver returned from `ensure` |
None supplied |
ahmadsherif |
No rating |
2017-02-28 |
| Denial of service (segfault) due to null pointer dereference in mrb_vm_exec |
Denial of Service |
d4nny |
Medium |
2017-02-28 |
| Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval |
Denial of Service |
d4nny |
Medium |
2017-02-28 |
| Heap buffer oveflow with many arguments |
Memory Corruption - Generic |
titanous |
No rating |
2017-02-28 |
| Segmentfault at mrb_vm_exec |
Denial of Service |
locator |
Medium |
2017-02-28 |
| Heap Buffer overflow in mrb_funcall_with_block |
Denial of Service |
locator |
Low |
2017-02-27 |
| SIGSEGV Null Pointer mrb_str_concat() |
Denial of Service |
ston3 |
Low |
2017-02-10 |
| SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI |
Memory Corruption - Generic |
ston3 |
Low |
2017-02-10 |
| SIGSEGV on mruby mrb_get_args() |
Denial of Service |
ston3 |
Low |
2017-02-10 |
| heap-buffer-overflow on mruby |
Memory Corruption - Generic |
ahihi |
None |
2017-02-10 |
| mrb_vformat() heap overflow could lead to code execution |
Memory Corruption - Generic |
mg36 |
None |
2017-02-10 |
| heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c |
Memory Corruption - Generic |
fms |
No rating |
2017-02-07 |
| Null pointer dereference in mrb_random_initialize |
Denial of Service |
eboda |
None |
2017-02-07 |
| Crash in print_backtrace |
Denial of Service |
tunz |
No rating |
2017-02-07 |
| Still heap overflow in mrb_ary_splice |
Denial of Service |
tunz |
No rating |
2017-02-07 |
| Null pointer dereference in mrb_str_prepend |
Denial of Service |
tunz |
No rating |
2017-02-07 |
| Null pointer dereference in mrb_str_modify |
Denial of Service |
marotagem_vrt |
Low |
2017-02-07 |
| Double free of filename after codegen error |
Memory Corruption - Generic |
titanous |
No rating |
2017-02-07 |
| attempting double-free using the mruby compiler `mrbc` |
Memory Corruption - Generic |
geeknik |
High |
2017-02-07 |
| Heap use-after-free during range creation |
Memory Corruption - Generic |
titanous |
Low |
2017-02-07 |
| Heap overflow due to off-by-one when expanding stack |
Memory Corruption - Generic |
titanous |
No rating |
2017-02-07 |
| mrb_str_modify try to write to memory not marked for writing |
Denial of Service |
marotagem_vrt |
No rating |
2017-02-06 |
| SIGABRT - mrb_default_allocf |
Memory Corruption - Generic |
icanthack |
Low |
2017-02-05 |
| Segmentation fault on program counter |
Memory Corruption - Generic |
icanthack |
Low |
2017-02-05 |
| Memory disclosure in timegm |
Memory Corruption - Generic |
volc |
Low |
2017-02-01 |
| Use After Free in str_replace |
Memory Corruption - Generic |
tunz |
No rating |
2017-01-31 |
| Type confusion in wrap_decimal leading to memory corruption |
Code Injection |
raydot |
Critical |
2017-01-15 |
| Null pointer dereference due to TOCTTOU bug in mrb_time_initialize |
Denial of Service |
raydot |
High |
2017-01-15 |
| ruby DoS https://www.mruby.science |
Denial of Service |
bugdelivery |
High |
2017-01-15 |
| Integer Overflow in mrb_ary_set |
Memory Corruption - Generic |
tunz |
No rating |
2017-01-12 |
| Heap Overflow in mrb_arb_splice |
Memory Corruption - Generic |
tunz |
Low |
2017-01-12 |
| Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox |
Denial of Service |
dkasak |
High |
2017-01-12 |
| Incorrect code generation when result of NODE_NEGATE is not used |
Denial of Service |
dkasak |
Low |
2017-01-12 |
| Invalid memory access in `mrb_str_format` |
Denial of Service |
haquaman |
None |
2017-01-11 |
| Deleting Key-value pair from Frozen HASH or Clearing a Frozen HASH |
Violation of Secure Design Principles |
an0n-j |
None |
2017-01-05 |
| Broken handling of maximum number of method call arguments leads to segfault |
Denial of Service |
dkasak |
High |
2016-12-21 |
| Invalid memory write caused by incorrect upper bound in array_copy |
Denial of Service |
haquaman |
Low |
2016-12-18 |
| Buffer overflow in mrb_time_asctime |
Denial of Service |
haquaman |
High |
2016-12-18 |
| Read after free in mrb_vm_exec with OP_ARYCAT reading R(B) |
Memory Corruption - Generic |
haquaman |
No rating |
2016-12-18 |
| Segfault when passing invalid values to `values_at` |
Denial of Service |
dkasak |
Low |
2016-12-18 |
| Null pointer dereference due to bug in codegen with negation of floats |
Denial of Service |
haquaman |
No rating |
2016-12-17 |
| Segmentation fault due to invalid memory access in codegen when using break with the 127th argument a constant |
Denial of Service |
haquaman |
No rating |
2016-12-17 |
| Denial of Service in mruby due to null pointer dereference |
Denial of Service |
haquaman |
High |
2016-12-17 |
| Null pointer dereference regression in parse.y |
Denial of Service |
haquaman |
Low |
2016-12-17 |
| Null pointer derefence due to bug in codegen with negation without using value |
Denial of Service |
haquaman |
High |
2016-12-17 |
| Segmentation fault due to bad memory access in kh_get_mt |
Denial of Service |
haquaman |
High |
2016-12-17 |
| Denial of service due to invalid memory access in mrb_ary_concat |
Denial of Service |
haquaman |
High |
2016-12-17 |
| NULL pointer dereference when parsing ternary operators |
Denial of Service |
jpenalbae |
High |
2016-12-17 |
| SIGSEGV when invalid argument on remove_method |
Denial of Service |
jpenalbae |
High |
2016-12-17 |
| SIGSEV on mrb_ary_splice |
Denial of Service |
jpenalbae |
High |
2016-12-17 |
| SIGSEGV on mruby mrb_str_modify() (Invalid memory access) |
Denial of Service |
jpenalbae |
High |
2016-12-17 |
| SIGSEGV on mruby's mark_tbl() (Invalid memory access) |
Memory Corruption - Generic |
jpenalbae |
High |
2016-12-17 |
| Range#initialize_copy null pointer dereference |
Denial of Service |
charliesome |
High |
2016-12-17 |
| Undefined method_missing null pointer dereference |
Denial of Service |
charliesome |
High |
2016-12-17 |
| Struct type confusion RCE |
Code Injection |
charliesome |
Critical |
2016-12-17 |
| Range constructor type confusion DoS |
Denial of Service |
charliesome |
High |
2016-12-17 |
| Null target_class DoS |
Denial of Service |
charliesome |
High |
2016-12-17 |
| Null pointer dereference in ary_concat |
Denial of Service |
haquaman |
No rating |
2016-12-17 |
| Invalid memory access while freeing memory, caused by invalid type passed to mrb_ary_unshift |
Denial of Service |
haquaman |
No rating |
2016-12-17 |
| Null pointer dereference in mrb_str_concat |
Denial of Service |
haquaman |
No rating |
2016-12-17 |
| Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop |
Denial of Service |
dkasak |
High |
2016-12-16 |
| TOCTTOU bug in mrb_str_setbyte leading the memory corruption |
Code Injection |
raydot |
Critical |
2016-12-16 |
| Memory disclosure in mruby String#lines method |
Memory Corruption - Generic |
isra17 |
High |
2016-12-16 |
| Type confusion in mrb_exc_set leading to memory corruption |
Denial of Service |
raydot |
Critical |
2016-12-16 |
| Crash: Initialize Decimal with itself triggers an assertion |
None supplied |
brakhane |
High |
2016-12-16 |
| Exception cause SIGABRT |
Denial of Service |
isra17 |
High |
2016-12-16 |
| Use after free vulnerability in mruby Array#to_h causing DOS possible RCE |
Code Injection |
isra17 |
Critical |
2016-12-16 |
| Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum |
Memory Corruption - Generic |
brakhane |
High |
2016-12-16 |
| Crash: A call to Symbol.new leads to a crash when inspecting the resulting object |
Memory Corruption - Generic |
brakhane |
Low |
2016-12-16 |
| mruby-time: Crash host with uninitialized Time obj |
Memory Corruption - Generic |
brakhane |
High |
2016-12-16 |
| Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash |
Memory Corruption - Generic |
brakhane |
High |
2016-12-16 |
| Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference |
Denial of Service |
dkasak |
High |
2016-12-16 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles