Top reports from shopify-scripts program at HackerOne:
- DoS: type confusion in mrb_no_method_error to shopify-scripts - 60 upvotes, $0
- Type confusion in mrb_exc_set leading to memory corruption to shopify-scripts - 40 upvotes, $0
- Crash in mrb_ary_push to shopify-scripts - 37 upvotes, $800
- Type confusion in wrap_decimal leading to memory corruption to shopify-scripts - 35 upvotes, $0
- Buffer overflow in yywarning_s to shopify-scripts - 33 upvotes, $1000
- Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $0
- Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox to shopify-scripts - 23 upvotes, $10000
- TOCTTOU bug in mrb_str_setbyte leading the memory corruption to shopify-scripts - 23 upvotes, $0
- Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory to shopify-scripts - 20 upvotes, $10000
- Null pointer dereference due to TOCTTOU bug in mrb_time_initialize to shopify-scripts - 15 upvotes, $0
- Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop to shopify-scripts - 13 upvotes, $10000
- Buffer overflow in mrb_time_asctime to shopify-scripts - 13 upvotes, $10000
- Null target_class DoS to shopify-scripts - 13 upvotes, $8000
- Segmentation fault when a Ruby method is invoked by a C method via Object#send to shopify-scripts - 13 upvotes, $8000
- Exception cause SIGABRT to shopify-scripts - 13 upvotes, $0
- SIGABRT - mrb_default_allocf to shopify-scripts - 13 upvotes, $0
- Heap buffer oveflow with many arguments to shopify-scripts - 12 upvotes, $800
- Deleting Key-value pair from Frozen HASH or Clearing a Frozen HASH to shopify-scripts - 12 upvotes, $0
- Clearing , Shifting and Pop Value from Frozen Array to shopify-scripts - 12 upvotes, $0
- Certain inputs cause tight C-level recursion leading to process stack overflow to shopify-scripts - 11 upvotes, $10000
- Broken handling of maximum number of method call arguments leads to segfault to shopify-scripts - 10 upvotes, $10000
- Memory disclosure in mruby String#lines method to shopify-scripts - 10 upvotes, $0
- NULL pointer dereference when parsing ternary operators to shopify-scripts - 10 upvotes, $0
- Segmentation fault on program counter to shopify-scripts - 10 upvotes, $0
- Struct type confusion RCE to shopify-scripts - 9 upvotes, $18000
- Crash: Initialize Decimal with itself triggers an assertion to shopify-scripts - 9 upvotes, $10000
- Null pointer derefence due to bug in codegen with negation without using value to shopify-scripts - 9 upvotes, $10000
- Denial of service due to invalid memory access in mrb_ary_concat to shopify-scripts - 9 upvotes, $8000
- NULL pointer dereference in
mrb_check_frozen
to shopify-scripts - 9 upvotes, $1000 - SIGSEGV when invalid argument on remove_method to shopify-scripts - 9 upvotes, $0
- Range#initialize_copy null pointer dereference to shopify-scripts - 8 upvotes, $10000
- Denial of Service in mruby due to null pointer dereference to shopify-scripts - 8 upvotes, $8000
- Read after free in mrb_vm_exec with OP_ARYCAT reading R(B) to shopify-scripts - 8 upvotes, $1000
- Incorrect code generation when result of NODE_NEGATE is not used to shopify-scripts - 8 upvotes, $1000
- Heap Buffer Overflow in mrb_hash_keys to shopify-scripts - 8 upvotes, $800
- kh_get_n2s() stack overrun to shopify-scripts - 8 upvotes, $0
- SIGSEGV - mrb_obj_extend - line:413 to shopify-scripts - 8 upvotes, $0
- Memory disclosure in timegm to shopify-scripts - 7 upvotes, $1000
- Invalid read in
str_replace_partial
to shopify-scripts - 7 upvotes, $1000 - Use After Free in str_replace to shopify-scripts - 7 upvotes, $800
- Use-after-free leading to an invalid pointer dereference to shopify-scripts - 7 upvotes, $800
- Null pointer dereference in ary_concat to shopify-scripts - 7 upvotes, $800
- SIGABRT - mirb and mruby to shopify-scripts - 7 upvotes, $0
- SIGSEGV - mark_context_stack to shopify-scripts - 7 upvotes, $0
- Range constructor type confusion DoS to shopify-scripts - 6 upvotes, $10000
- Undefined method_missing null pointer dereference to shopify-scripts - 6 upvotes, $8000
- Invalid memory write caused by incorrect upper bound in array_copy to shopify-scripts - 6 upvotes, $1000
- Double free of filename after codegen error to shopify-scripts - 6 upvotes, $200
- Memory corrouption in mrb_gc_mark to shopify-scripts - 6 upvotes, $100
- mrb_str_modify try to write to memory not marked for writing to shopify-scripts - 6 upvotes, $0
- attempting double-free using the mruby compiler
mrbc
to shopify-scripts - 6 upvotes, $0 - SIGSEGV - mrb_vm_exec - line:1681 to shopify-scripts - 6 upvotes, $0
- SIGSEGV - mrb_obj_value to shopify-scripts - 6 upvotes, $0
- SIGABRT - in free to shopify-scripts - 6 upvotes, $0
- SIGABRT in mrb_debug_info_append_file to shopify-scripts - 6 upvotes, $0
- SIGSEGV in mrb_vm_exec to shopify-scripts - 6 upvotes, $0
- heap-buffer-overflow in OP_R_BREAK to shopify-scripts - 6 upvotes, $0
- ruby DoS https://www.mruby.science to shopify-scripts - 5 upvotes, $8000
- Null pointer dereference regression in parse.y to shopify-scripts - 5 upvotes, $1000
- Segfault when passing invalid values to
values_at
to shopify-scripts - 5 upvotes, $1000 - Heap overflow due to off-by-one when expanding stack to shopify-scripts - 5 upvotes, $800
- Heap Buffer overflow in mrb_funcall_with_block to shopify-scripts - 5 upvotes, $800
- Null pointer dereferences from mrb_vm_exec to shopify-scripts - 5 upvotes, $800
- Null pointer dereferences in ary_concat to shopify-scripts - 5 upvotes, $800
- Invalid read leading to a segfault to shopify-scripts - 5 upvotes, $800
- Heap use-after-free during range creation to shopify-scripts - 5 upvotes, $200
- Null pointer dereference in mrb_random_initialize to shopify-scripts - 5 upvotes, $100
- SIGSEGV on mruby's mark_tbl() (Invalid memory access) to shopify-scripts - 5 upvotes, $0
- SIGSEGV on mruby mrb_str_modify() (Invalid memory access) to shopify-scripts - 5 upvotes, $0
- SIGSEV on mrb_ary_splice to shopify-scripts - 5 upvotes, $0
- SIGSEGV Null Pointer mrb_str_concat() to shopify-scripts - 5 upvotes, $0
- SIGSEGV - mrb_vm_exec - vm.c in line:1272 to shopify-scripts - 5 upvotes, $0
- SIGABRT - method_missing - mark_context_stack to shopify-scripts - 5 upvotes, $0
- SIGSEGV - vm.c - line:1214 to shopify-scripts - 5 upvotes, $0
- mrb_vm_exec - null ptr dereference to shopify-scripts - 5 upvotes, $0
- SIGSEGV in str_buf_cat to shopify-scripts - 5 upvotes, $0
- SIGSEGV in mrb_class to shopify-scripts - 5 upvotes, $0
- SIGABRT - mirb - Double Free to shopify-scripts - 5 upvotes, $0
- SEGV on ary_concat to shopify-scripts - 5 upvotes, $0
- Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference to shopify-scripts - 4 upvotes, $10000
- Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash to shopify-scripts - 4 upvotes, $8000
- Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum to shopify-scripts - 4 upvotes, $8000
- Segmentation fault due to bad memory access in kh_get_mt to shopify-scripts - 4 upvotes, $8000
- Recursion causing uninitialized memory reads leading to a segfault to shopify-scripts - 4 upvotes, $2000
- Heap Overflow in mrb_arb_splice to shopify-scripts - 4 upvotes, $800
- Heap Buffer Overflow while processing OP_SEND to shopify-scripts - 4 upvotes, $800
- Null pointer dereferences in mrb_get_args to shopify-scripts - 4 upvotes, $800
- Invalid memory access in
mrb_str_format
to shopify-scripts - 4 upvotes, $100 - Interger overflow in str_substr leading to read/write out of bound memory to shopify-scripts - 4 upvotes, $100
- Null pointer dereference in mrb_str_modify to shopify-scripts - 4 upvotes, $0
- mrb_vformat() heap overflow could lead to code execution to shopify-scripts - 4 upvotes, $0
- heap-buffer-overflow on mruby to shopify-scripts - 4 upvotes, $0
- SIGSEGV on mruby mrb_get_args() to shopify-scripts - 4 upvotes, $0
- A crash when an exception is caught in a caller and the receiver returned from
ensure
to shopify-scripts - 4 upvotes, $0 - SIGSEGV in mrb_vm_exec to shopify-scripts - 4 upvotes, $0
- Aborted - proc.c - line:143 to shopify-scripts - 4 upvotes, $0
- SIGSEGV - kh_resize_iv - Null Deref to shopify-scripts - 4 upvotes, $0
- SIGSEGV - mrb_vm_exec - line:1312 to shopify-scripts - 4 upvotes, $0
- SIGABRT - mrb_realloc_simple - gc.c - line:201 to shopify-scripts - 4 upvotes, $0
- SIGSEGV - mrb_yield_with_class to shopify-scripts - 4 upvotes, $0
- SIGABRT in only mirb to shopify-scripts - 4 upvotes, $0
- SIGSEGV in mrb_vm_exec to shopify-scripts - 4 upvotes, $0
- SIGSEGV in mrb_str_inum to shopify-scripts - 4 upvotes, $0
- heap use-after-free in mrb_vm_exec() to shopify-scripts - 4 upvotes, $0
- mruby heredoc notation to shopify-scripts - 4 upvotes, $0
- heap-use-after-free in OP_RESCUE to shopify-scripts - 4 upvotes, $0
- mruby-time: Crash host with uninitialized Time obj to shopify-scripts - 3 upvotes, $8000
- Crash: A call to Symbol.new leads to a crash when inspecting the resulting object to shopify-scripts - 3 upvotes, $1000
- Null pointer dereference in mrb_str_prepend to shopify-scripts - 3 upvotes, $800
- Still heap overflow in mrb_ary_splice to shopify-scripts - 3 upvotes, $800
- Use After Free in mrb_vm_exec to shopify-scripts - 3 upvotes, $800
- Heap Buffer overflow in mrb_ary_unshift to shopify-scripts - 3 upvotes, $800
- Invalid Pointer Reference from OP_RESCUE to shopify-scripts - 3 upvotes, $800
- Null pointer dereference in 'get_file' to shopify-scripts - 3 upvotes, $800
- kh_put_iv SEGFAULT - mruby 1.2.0 to shopify-scripts - 3 upvotes, $800
- Null pointer dereference in mrb_class to shopify-scripts - 3 upvotes, $800
- Null pointer dereference in OP_ENTER to shopify-scripts - 3 upvotes, $800
- Invalid pointer dereference in OP_ENTER to shopify-scripts - 3 upvotes, $800
- Null pointer dereferences in kh_copy_mt to shopify-scripts - 3 upvotes, $800
- heap-use-after-free in mrb_vm_exec - vm.c:1247 to shopify-scripts - 3 upvotes, $800
- Integer Overflow in mrb_ary_set to shopify-scripts - 3 upvotes, $100
- Crash in print_backtrace to shopify-scripts - 3 upvotes, $100
- Segmentfault at mrb_vm_exec to shopify-scripts - 3 upvotes, $100
- Incorrect code generation with redo inside NODE_RESCUE. to shopify-scripts - 3 upvotes, $100
- Null pointer dereference in ary_concat to shopify-scripts - 3 upvotes, $0
- SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI to shopify-scripts - 3 upvotes, $0
- Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval to shopify-scripts - 3 upvotes, $0
- segafult in mruby's sprintf - mrb_str_format to shopify-scripts - 3 upvotes, $0
- SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf() to shopify-scripts - 3 upvotes, $0
- SIGSEGV on mrb_vm_exec() Null Deref to shopify-scripts - 3 upvotes, $0
- SIGSEGV - mrb_check_intern_str() - NullPointer to shopify-scripts - 3 upvotes, $0
- Segmentation fault - mrb_gc_mark to shopify-scripts - 3 upvotes, $0
- Controlled address leak due to type confusion - ASLR bypass to shopify-scripts - 3 upvotes, $0
- sprintf gem - format string combined attack to shopify-scripts - 3 upvotes, $0
- forgot to add the patch to shopify-scripts - 3 upvotes, $0
- mruby heap use-after-free to shopify-scripts - 3 upvotes, $0
- SIGSEGV - kh_get_n2s - in /src/symbol.c:37 to shopify-scripts - 3 upvotes, $0
- mirb only: stack-buffer-overflow (OOB write) in main() to shopify-scripts - 3 upvotes, $0
- heap-buffer-overflow (read outside of buffer) in mrb_vm_exec() to shopify-scripts - 3 upvotes, $0
- Crash in ary_concat() to shopify-scripts - 3 upvotes, $0
- OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write to shopify-scripts - 3 upvotes, $0
- Heap Overflow in fiber_switch triggered from Fiber.transfer to shopify-scripts - 3 upvotes, $0
- Segmentation fault while printing backtrace to shopify-scripts - 2 upvotes, $1000
- Heap buffer overflow with long array assignment to shopify-scripts - 2 upvotes, $800
- Null pointer dereference in mrb_class to shopify-scripts - 2 upvotes, $800
- Null pointer dereference in mark_context_stack to shopify-scripts - 2 upvotes, $800
- SIGSEGV in array_copy - array.c:71 to shopify-scripts - 2 upvotes, $800
- Null pointer dereference with send/method_missing to shopify-scripts - 2 upvotes, $800
- Garbage collector crash to shopify-scripts - 2 upvotes, $300
- heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c to shopify-scripts - 2 upvotes, $100
- SIGABRT in sym_validate_len - symbol.c:44 to shopify-scripts - 2 upvotes, $100
- heap use after free in fiber_switch to shopify-scripts - 2 upvotes, $100
- Invalid Pointer reference in L_RESCUE to shopify-scripts - 2 upvotes, $100
- Segmentation fault due to invalid memory access in codegen when using break with the 127th argument a constant to shopify-scripts - 2 upvotes, $0
- Null pointer dereference due to bug in codegen with negation of floats to shopify-scripts - 2 upvotes, $0
- Null pointer dereference in mrb_str_concat to shopify-scripts - 2 upvotes, $0
- Invalid memory access while freeing memory, caused by invalid type passed to mrb_ary_unshift to shopify-scripts - 2 upvotes, $0
- Denial of service (segfault) due to null pointer dereference in mrb_vm_exec to shopify-scripts - 2 upvotes, $0
- Heap use-after-free in mrb_vm_exec to shopify-scripts - 2 upvotes, $0
- Heap buffer overflow in mruby value_move to shopify-scripts - 2 upvotes, $0
- Use after free in mruby-mpdecimal to shopify-scripts - 1 upvotes, $800