{"id":"CVE-2018-12247","details":"An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag).","modified":"2026-03-14T09:27:30.112201Z","published":"2018-06-12T14:29:00.320Z","references":[{"type":"REPORT","url":"https://github.com/mruby/mruby/issues/4036"},{"type":"FIX","url":"https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mruby/mruby","events":[{"introduced":"0"},{"last_affected":"023070a6396233974785a8fd5735b9380a884f27"},{"fixed":"55edae0226409de25e59922807cb09acb45731a2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.1"}]}}],"versions":["1.0.0","1.1.0","1.2.0","1.3.0","1.4.0","1.4.1"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/kernel.c"},"signature_version":"v1","signature_type":"Line","source":"https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2","deprecated":false,"id":"CVE-2018-12247-3b0da953","digest":{"threshold":0.9,"line_hashes":["102816363305778049823980777167350026179","103805952287690511097074812976702907717","331703906774384260930834427119845851482","310263058440737007007115708403918139423"]}},{"target":{"file":"src/kernel.c","function":"mrb_obj_clone"},"signature_version":"v1","signature_type":"Function","source":"https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2","deprecated":false,"id":"CVE-2018-12247-da979e61","digest":{"length":593,"function_hash":"155145910620032928335793504528105032157"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12247.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}