{"id":"CVE-2017-9527","details":"The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.","modified":"2026-04-11T03:11:44.670509Z","published":"2017-06-11T17:29:00.160Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html"},{"type":"FIX","url":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99"},{"type":"FIX","url":"https://github.com/mruby/mruby/issues/3486"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mruby/mruby","events":[{"introduced":"0"},{"last_affected":"22464fe5a0a10f2b077eaba109ce1e912e4a77de"},{"fixed":"5c114c91d4ff31859fcd84cf8bf349b737b90d99"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.0"}]}}],"versions":["1.0.0","1.1.0","1.2.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9527.json","vanir_signatures":[{"target":{"file":"src/gc.c","function":"mark_context_stack"},"source":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99","signature_version":"v1","digest":{"length":547,"function_hash":"286219651794874583022066205112029788158"},"id":"CVE-2017-9527-0b64423d","deprecated":false,"signature_type":"Function"},{"target":{"file":"src/gc.c"},"source":"https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99","signature_version":"v1","digest":{"line_hashes":["239328260997774354437319465623085189723","278749016881778886418842281945883168779","113515937360586162616117102418961035864","185062502001950100527544536542242255813","94831734521497849468177636311830953652","136229001971788190294863844937971499822","215219651310723059012235489279416079175","317851459485684649508170802408184894780","241504984179936146407905117891020266225","247869340733954520892314820391799532118","43035428114706040117447406129172114308","139392374937586911940466184861622959537","108587633537507210242609878158511307392","173878156555487118740790950504304142821","104076392047553672763771949455293999536"],"threshold":0.9},"id":"CVE-2017-9527-76c1b6a1","deprecated":false,"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T03:11:44Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}