{"id":"CVE-2018-12248","details":"An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.","modified":"2026-04-11T06:58:42.844496Z","published":"2018-06-12T14:29:00.400Z","references":[{"type":"REPORT","url":"https://github.com/mruby/mruby/issues/4038"},{"type":"FIX","url":"https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mruby/mruby","events":[{"introduced":"0"},{"last_affected":"023070a6396233974785a8fd5735b9380a884f27"},{"fixed":"778500563a9f7ceba996937dc886bd8cde29b42b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.1"}]}}],"versions":["1.0.0","1.1.0","1.2.0","1.4.1"],"database_specific":{"vanir_signatures":[{"target":{"function":"fiber_switch","file":"mrbgems/mruby-fiber/src/fiber.c"},"source":"https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b","deprecated":false,"id":"CVE-2018-12248-57dd5406","digest":{"length":1425,"function_hash":"147070256114492561439229310213750951605"},"signature_type":"Function","signature_version":"v1"},{"target":{"file":"mrbgems/mruby-fiber/src/fiber.c"},"source":"https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b","deprecated":false,"id":"CVE-2018-12248-f67b30c9","digest":{"threshold":0.9,"line_hashes":["279665797800738958414960149610261648694","126518444906473700447655695037853586908","20559788607066877032068248299978847995","209494054320537949101552931986372205443","22221124249016034453580577284055838032","91268916105831621533622244742851572844","305217786895579078748468691908486590145","185034954096646194127965433998711624991","219336761342710677225899571521653541945","316249854355391370072921855180627731711","285233862504349142769183547588553601873","334994637967466365511739291662493057004","198558109256871638307795241135490981851","266147102060991913635262564430149535902","208405107013978956115196911008454797251","324396588618655799450191183593268507354","249383793064843333912001284948644464934","84710594130326809198579967604788435076","72526865657363877838250552687526864350","200848887334134031069234585636769649815","90524830406101585123909238316358164647","195322834296668541039780842188718179536","135770582455980523770569232759809025244","331320109063418657266139318525759669180","229755145831027627768656589443992544207","235856800093588102611269600381015740395"]},"signature_type":"Line","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T06:58:42Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12248.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}