CVE-2022-1071

8.2 HIGH

📋 TL;DR

CVE-2022-1071 is a use-after-free vulnerability in mrb_vm_exec in mruby, a lightweight Ruby implementation. This vulnerability allows attackers to execute arbitrary code or cause denial of service by exploiting memory corruption. It affects any system running vulnerable versions of mruby prior to 3.2.

💻 Affected Systems

Products:
  • mruby
Versions: All versions prior to 3.2
Operating Systems: All platforms running mruby
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or system using mruby libraries or interpreters is potentially vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash causing denial of service, potentially leading to memory corruption that could be leveraged for further exploitation.

🟢 If Mitigated

Limited impact if proper memory protections (ASLR, DEP) are enabled and the application runs with minimal privileges.

🌐 Internet-Facing: HIGH if mruby processes untrusted input from external sources.
🏢 Internal Only: MEDIUM if mruby only processes trusted internal data, but exploitation could still lead to lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious input that triggers the use-after-free condition in the virtual machine executor.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: mruby 3.2 and later

Vendor Advisory: https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f

Restart Required: Yes

Instructions:

1. Update mruby to version 3.2 or later.
2. Recompile any applications using mruby.
3. Restart affected services.

🔧 Temporary Workarounds

Input validation and sanitization

Platform: all

Implement strict input validation to prevent malicious code from reaching the mruby interpreter.

Memory protection hardening

Platform: linux

Enable ASLR, DEP, and other memory protection mechanisms at the OS level.

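# Enable full address-space randomization (run as root; not persistent across reboots)
echo 2 > /proc/sys/kernel/randomize_va_space
# Legacy Red Hat Exec Shield kernels only; mainline kernels do not provide this key
sysctl -w kernel.exec-shield=1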

🧯 If You Can't Patch

  • Isolate affected systems in network segments with strict access controls.
  • Implement application-level firewalls to filter malicious input before it reaches mruby.

🔍 How to Verify

Check if Vulnerable:

Check mruby version with 'mruby --version' or examine application dependencies for mruby < 3.2.

Check Version:

mruby --version

Verify Fix Applied:

Confirm mruby version is 3.2 or later and verify the commit aaa28a5 is present in the source.
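
The version check described above, as an added shell example that is not part of the original page: it compares a reported version against 3.2 and also scans a source tree for vendored mruby copies by reading the MRUBY_RELEASE_* macros in mruby/version.h. The sample header and directory layout in demo() are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: flag mruby copies older than 3.2.

# is_vulnerable VERSION: 0 if VERSION < 3.2, 1 if >= 3.2, 2 if unparseable.
is_vulnerable() {
    case "$1" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major$minor" in *[!0-9]*) return 2 ;; esac
    if [ "$major" -lt 3 ]; then return 0; fi
    if [ "$major" -eq 3 ] && [ "$minor" -lt 2 ]; then return 0; fi
    return 1
}

# cli_version OUTPUT: pull X.Y.Z out of the text printed by `mruby --version`.
cli_version() {
    printf '%s\n' "$1" | awk '$1 == "mruby" { print $2; exit }'
}

# header_version FILE: read the release macros from a mruby/version.h header.
header_version() {
    awk '$1 == "#define" && $2 == "MRUBY_RELEASE_MAJOR" { a = $3 }
         $1 == "#define" && $2 == "MRUBY_RELEASE_MINOR" { b = $3 }
         $1 == "#define" && $2 == "MRUBY_RELEASE_TEENY" { c = $3 }
         END { if (a == "" || b == "") exit 1; print a "." b "." c }' "$1"
}

# scan_tree DIR: report every vendored mruby header found under DIR.
scan_tree() {
    find "$1" -type f -path '*/mruby/version.h' 2>/dev/null |
    while IFS= read -r h; do
        v=$(header_version "$h") || { echo "UNKNOWN - $h"; continue; }
        rc=0; is_vulnerable "$v" || rc=$?
        case $rc in
            0) echo "VULNERABLE $v $h" ;;
            1) echo "FIXED $v $h" ;;
            *) echo "UNKNOWN $v $h" ;;
        esac
    done
}

# Constructed sample: a vendored tree whose header declares release 3.1.0.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/vendor/mruby/include/mruby"
    printf '#define MRUBY_RELEASE_MAJOR 3\n#define MRUBY_RELEASE_MINOR 1\n#define MRUBY_RELEASE_TEENY 0\n' \
        > "$d/vendor/mruby/include/mruby/version.h"
    scan_tree "$d"
    rm -rf "$d"
}
demo
```

The version number identifies a release only; for a build made from a git snapshot, confirm commit aaa28a5 in the source as described above.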

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault logs
  • Abnormal process termination
  • Memory access violation errors

Network Indicators:

  • Unusual network connections from mruby processes
  • Unexpected outbound traffic

SIEM Query:

process_name:"mruby" AND (event_type:"crash" OR memory_violation:"true")
