{"id":"UBUNTU-CVE-2022-0240","details":"mruby is vulnerable to NULL Pointer Dereference","modified":"2026-04-27T17:13:44.234347Z","published":"2022-01-17T14:15:00Z","upstream":["CVE-2022-0240"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0240"},{"type":"REPORT","url":"https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-0240"}],"affected":[{"package":{"name":"groonga","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/groonga@6.0.1-1ubuntu1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.0.6.1-2ubuntu2","4.0.6.1-2ubuntu3","5.1.1-1ubuntu2","5.1.2-1ubuntu1","6.0.0-1ubuntu2","6.0.1-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"groonga","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-bin","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-examples","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-httpd","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-munin-plugins","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-plugin-suggest","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-server-common","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-server-gqtp","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-token-filter-stem","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"groonga-tokenizer-mecab","binary_version":"6.0.1-1ubuntu1"},{"binary_name":"libgroonga0","binary_version":"6.0.1-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"mruby","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/mruby@1.2.0+20160315+git4f20d58a-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.0+20150817+gita1731254-1","1.1.0+20150906+git1cbbb7e1-1","1.2.0+20160315+git4f20d58a-1"],"ecosystem_specific":{"binaries":[{"binary_name":"mruby","binary_version":"1.2.0+20160315+git4f20d58a-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"groonga","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/groonga@8.0.0-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.0.6-1","7.0.8-1","7.0.9-1","7.1.0-1","7.1.1-1","7.1.1-1build1","8.0.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"groonga","binary_version":"8.0.0-1"},{"binary_name":"groonga-bin","binary_version":"8.0.0-1"},{"binary_name":"groonga-examples","binary_version":"8.0.0-1"},{"binary_name":"groonga-httpd","binary_version":"8.0.0-1"},{"binary_name":"groonga-munin-plugins","binary_version":"8.0.0-1"},{"binary_name":"groonga-plugin-suggest","binary_version":"8.0.0-1"},{"binary_name":"groonga-server-common","binary_version":"8.0.0-1"},{"binary_name":"groonga-server-gqtp","binary_version":"8.0.0-1"},{"binary_name":"groonga-token-filter-stem","binary_version":"8.0.0-1"},{"binary_name":"groonga-tokenizer-mecab","binary_version":"8.0.0-1"},{"binary_name":"libgroonga0","binary_version":"8.0.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"h2o","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/h2o@2.2.4+dfsg-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.2.3+dfsg-2","2.2.4+dfsg-1","2.2.4+dfsg-1build1","2.2.4+dfsg-1ubuntu0.1~esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"h2o","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"},{"binary_name":"libh2o-dev-common","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"},{"binary_name":"libh2o-evloop0.13","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"},{"binary_name":"libh2o0.13","binary_version":"2.2.4+dfsg-1ubuntu0.1~esm2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"mruby","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mruby@1.4.0-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.3.0-1","1.3.0+20170925+git38185028-1","1.3.0+20171029+git77edafb0-1","1.4.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"mruby","binary_version":"1.4.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"groonga","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/groonga@9.1.2-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.0.7-1","9.0.7-1build1","9.0.8-1","9.0.9-1","9.1.0-1","9.1.1-1","9.1.2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"groonga","binary_version":"9.1.2-1"},{"binary_name":"groonga-bin","binary_version":"9.1.2-1"},{"binary_name":"groonga-examples","binary_version":"9.1.2-1"},{"binary_name":"groonga-httpd","binary_version":"9.1.2-1"},{"binary_name":"groonga-munin-plugins","binary_version":"9.1.2-1"},{"binary_name":"groonga-plugin-suggest","binary_version":"9.1.2-1"},{"binary_name":"groonga-server-common","binary_version":"9.1.2-1"},{"binary_name":"groonga-server-gqtp","binary_version":"9.1.2-1"},{"binary_name":"groonga-token-filter-stem","binary_version":"9.1.2-1"},{"binary_name":"groonga-tokenizer-mecab","binary_version":"9.1.2-1"},{"binary_name":"libgroonga0","binary_version":"9.1.2-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"h2o","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/h2o@2.2.5+dfsg2-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.2.5+dfsg2-3","2.2.5+dfsg2-3build1","2.2.5+dfsg2-3ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"h2o","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"},{"binary_name":"libh2o-dev-common","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"},{"binary_name":"libh2o-evloop0.13","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"},{"binary_name":"libh2o0.13","binary_version":"2.2.5+dfsg2-3ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"mruby","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mruby@2.0.0-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.0.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"mruby","binary_version":"2.0.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"groonga","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/groonga@12.0.0-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["11.0.0-2","11.0.7-1","11.0.9-1","11.0.9-1build1","11.1.0-1","11.1.1-1","12.0.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"groonga","binary_version":"12.0.0-1"},{"binary_name":"groonga-bin","binary_version":"12.0.0-1"},{"binary_name":"groonga-examples","binary_version":"12.0.0-1"},{"binary_name":"groonga-httpd","binary_version":"12.0.0-1"},{"binary_name":"groonga-munin-plugins","binary_version":"12.0.0-1"},{"binary_name":"groonga-plugin-suggest","binary_version":"12.0.0-1"},{"binary_name":"groonga-server-common","binary_version":"12.0.0-1"},{"binary_name":"groonga-server-gqtp","binary_version":"12.0.0-1"},{"binary_name":"groonga-token-filter-stem","binary_version":"12.0.0-1"},{"binary_name":"groonga-tokenizer-mecab","binary_version":"12.0.0-1"},{"binary_name":"libgroonga0","binary_version":"12.0.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"mruby","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/mruby@3.0.0-3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.1.2-3","3.0.0-1","3.0.0-3"],"ecosystem_specific":{"binaries":[{"binary_name":"mruby","binary_version":"3.0.0-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"h2o","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/h2o@2.2.5+dfsg2-6.1ubuntu2+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.2.5+dfsg2-6","2.2.5+dfsg2-6.1","2.2.5+dfsg2-6.1ubuntu1","2.2.5+dfsg2-6.1ubuntu2","2.2.5+dfsg2-6.1ubuntu2+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"h2o","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"},{"binary_name":"libh2o-dev-common","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"},{"binary_name":"libh2o-evloop0.13","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"},{"binary_name":"libh2o0.13","binary_version":"2.2.5+dfsg2-6.1ubuntu2+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"groonga","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/groonga@13.1.1+dfsg-1.1build2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["13.0.1+dfsg-1","13.0.8+dfsg-1","13.0.9+dfsg-1","13.1.1+dfsg-1","13.1.1+dfsg-1.1","13.1.1+dfsg-1.1build2"],"ecosystem_specific":{"binaries":[{"binary_name":"groonga","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-bin","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-examples","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-munin-plugins","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-plugin-suggest","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-server-common","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-server-gqtp","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-server-http","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-token-filter-stem","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"groonga-tokenizer-mecab","binary_version":"13.1.1+dfsg-1.1build2"},{"binary_name":"libgroonga0t64","binary_version":"13.1.1+dfsg-1.1build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"h2o","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/h2o@2.2.5+dfsg2-8.1ubuntu3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.2.5+dfsg2-7","2.2.5+dfsg2-8","2.2.5+dfsg2-8.1ubuntu1","2.2.5+dfsg2-8.1ubuntu2","2.2.5+dfsg2-8.1ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_name":"h2o","binary_version":"2.2.5+dfsg2-8.1ubuntu3"},{"binary_name":"libh2o-dev-common","binary_version":"2.2.5+dfsg2-8.1ubuntu3"},{"binary_name":"libh2o-evloop0.13t64","binary_version":"2.2.5+dfsg2-8.1ubuntu3"},{"binary_name":"libh2o0.13t64","binary_version":"2.2.5+dfsg2-8.1ubuntu3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"mruby","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/mruby@3.2.0-2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.2.0-1","3.2.0-2"],"ecosystem_specific":{"binaries":[{"binary_name":"mruby","binary_version":"3.2.0-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"groonga","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/groonga@15.1.5+dfsg-2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["14.1.0+dfsg-3","15.0.4+dfsg-1","15.0.4+dfsg-2","15.1.5+dfsg-2"],"ecosystem_specific":{"binaries":[{"binary_name":"groonga","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-bin","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-examples","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-munin-plugins","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-plugin-suggest","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-server-common","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-server-gqtp","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-server-http","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-token-filter-stem","binary_version":"15.1.5+dfsg-2"},{"binary_name":"groonga-tokenizer-mecab","binary_version":"15.1.5+dfsg-2"},{"binary_name":"libgroonga0t64","binary_version":"15.1.5+dfsg-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"mruby","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/mruby@3.3.0-1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.3.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"mruby","binary_version":"3.3.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"groonga","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/groonga@16.0.0+dfsg-1?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["15.1.5+dfsg-2","15.1.7+dfsg-1","15.1.9+dfsg-1","15.2.0+dfsg-1","15.2.1+dfsg-1","15.2.3+dfsg-1","16.0.0+dfsg-1"],"ecosystem_specific":{"binaries":[{"binary_name":"groonga","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-bin","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-examples","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-munin-plugins","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-plugin-suggest","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-server-common","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-server-gqtp","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-server-http","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-token-filter-stem","binary_version":"16.0.0+dfsg-1"},{"binary_name":"groonga-tokenizer-mecab","binary_version":"16.0.0+dfsg-1"},{"binary_name":"libgroonga0t64","binary_version":"16.0.0+dfsg-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}},{"package":{"name":"mruby","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/mruby@3.4.0-2?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.3.0-1","3.4.0-2"],"ecosystem_specific":{"binaries":[{"binary_name":"mruby","binary_version":"3.4.0-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-0240.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}