Login Sign Up

CVE-2022-1212

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

CVE-2022-1212 is a use-after-free vulnerability in mruby's str_escape function that could allow attackers to execute arbitrary code. This affects applications using mruby versions prior to 3.2. The vulnerability is particularly dangerous due to its high CVSS score of 9.8.

💻 Affected Systems

Products:
  • mruby
Versions: All versions prior to 3.2
Operating Systems: All operating systems running mruby
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or system using mruby as an embedded Ruby interpreter is affected.

📦 What is this software?

Mruby by Mruby

View all CVEs affecting Mruby →

Mruby by Mruby

View all CVEs affecting Mruby →

Mruby by Mruby

View all CVEs affecting Mruby →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with remote code execution leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Application crash leading to denial of service, with potential for limited code execution in memory-constrained environments.

🟢

If Mitigated

Application crash without code execution if memory protections like ASLR are effective.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires triggering the vulnerable str_escape function with specific inputs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: mruby 3.2 and later

Vendor Advisory: https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6

Restart Required: Yes

Instructions:

1. Update mruby to version 3.2 or later. 2. Recompile any applications using mruby. 3. Restart affected services.

🔧 Temporary Workarounds

Disable vulnerable functionality

all

Avoid using str_escape function in application code if possible.

🧯 If You Can't Patch

  • Implement strict input validation to prevent triggering the vulnerable code path.
  • Deploy memory protection mechanisms like ASLR and DEP to reduce exploit success.

🔍 How to Verify

Check if Vulnerable:

Check mruby version with 'mruby --version' or examine application dependencies.

Check Version:

mruby --version

Verify Fix Applied:

Confirm mruby version is 3.2 or later and verify the commit 3cf291f72224715942beaf8553e42ba8891ab3c6 is applied.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected process terminations

Network Indicators:

  • Unusual network connections from mruby processes

SIEM Query:

Process termination events from mruby applications OR memory access violation logs

📊 Metadata

CVE ID: CVE-2022-1212
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: April 5, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-1212, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)