Skip to content

Latest commit

 

History

History
163 lines (162 loc) · 20 KB

TOPSHOPIFYSCRIPTS.md

File metadata and controls

163 lines (162 loc) · 20 KB

Top reports from shopify-scripts program at HackerOne:

  1. DoS: type confusion in mrb_no_method_error to shopify-scripts - 60 upvotes, $0
  2. Type confusion in mrb_exc_set leading to memory corruption to shopify-scripts - 40 upvotes, $0
  3. Crash in mrb_ary_push to shopify-scripts - 37 upvotes, $800
  4. Type confusion in wrap_decimal leading to memory corruption to shopify-scripts - 35 upvotes, $0
  5. Buffer overflow in yywarning_s to shopify-scripts - 33 upvotes, $1000
  6. Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $0
  7. Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox to shopify-scripts - 23 upvotes, $10000
  8. TOCTTOU bug in mrb_str_setbyte leading the memory corruption to shopify-scripts - 23 upvotes, $0
  9. Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory to shopify-scripts - 20 upvotes, $10000
  10. Null pointer dereference due to TOCTTOU bug in mrb_time_initialize to shopify-scripts - 15 upvotes, $0
  11. Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop to shopify-scripts - 13 upvotes, $10000
  12. Buffer overflow in mrb_time_asctime to shopify-scripts - 13 upvotes, $10000
  13. Null target_class DoS to shopify-scripts - 13 upvotes, $8000
  14. Segmentation fault when a Ruby method is invoked by a C method via Object#send to shopify-scripts - 13 upvotes, $8000
  15. Exception cause SIGABRT to shopify-scripts - 13 upvotes, $0
  16. SIGABRT - mrb_default_allocf to shopify-scripts - 13 upvotes, $0
  17. Heap buffer oveflow with many arguments to shopify-scripts - 12 upvotes, $800
  18. Deleting Key-value pair from Frozen HASH or Clearing a Frozen HASH to shopify-scripts - 12 upvotes, $0
  19. Clearing , Shifting and Pop Value from Frozen Array to shopify-scripts - 12 upvotes, $0
  20. Certain inputs cause tight C-level recursion leading to process stack overflow to shopify-scripts - 11 upvotes, $10000
  21. Broken handling of maximum number of method call arguments leads to segfault to shopify-scripts - 10 upvotes, $10000
  22. Memory disclosure in mruby String#lines method to shopify-scripts - 10 upvotes, $0
  23. NULL pointer dereference when parsing ternary operators to shopify-scripts - 10 upvotes, $0
  24. Segmentation fault on program counter to shopify-scripts - 10 upvotes, $0
  25. Struct type confusion RCE to shopify-scripts - 9 upvotes, $18000
  26. Crash: Initialize Decimal with itself triggers an assertion to shopify-scripts - 9 upvotes, $10000
  27. Null pointer derefence due to bug in codegen with negation without using value to shopify-scripts - 9 upvotes, $10000
  28. Denial of service due to invalid memory access in mrb_ary_concat to shopify-scripts - 9 upvotes, $8000
  29. NULL pointer dereference in mrb_check_frozen to shopify-scripts - 9 upvotes, $1000
  30. SIGSEGV when invalid argument on remove_method to shopify-scripts - 9 upvotes, $0
  31. Range#initialize_copy null pointer dereference to shopify-scripts - 8 upvotes, $10000
  32. Denial of Service in mruby due to null pointer dereference to shopify-scripts - 8 upvotes, $8000
  33. Read after free in mrb_vm_exec with OP_ARYCAT reading R(B) to shopify-scripts - 8 upvotes, $1000
  34. Incorrect code generation when result of NODE_NEGATE is not used to shopify-scripts - 8 upvotes, $1000
  35. Heap Buffer Overflow in mrb_hash_keys to shopify-scripts - 8 upvotes, $800
  36. kh_get_n2s() stack overrun to shopify-scripts - 8 upvotes, $0
  37. SIGSEGV - mrb_obj_extend - line:413 to shopify-scripts - 8 upvotes, $0
  38. Memory disclosure in timegm to shopify-scripts - 7 upvotes, $1000
  39. Invalid read in str_replace_partial to shopify-scripts - 7 upvotes, $1000
  40. Use After Free in str_replace to shopify-scripts - 7 upvotes, $800
  41. Use-after-free leading to an invalid pointer dereference to shopify-scripts - 7 upvotes, $800
  42. Null pointer dereference in ary_concat to shopify-scripts - 7 upvotes, $800
  43. SIGABRT - mirb and mruby to shopify-scripts - 7 upvotes, $0
  44. SIGSEGV - mark_context_stack to shopify-scripts - 7 upvotes, $0
  45. Range constructor type confusion DoS to shopify-scripts - 6 upvotes, $10000
  46. Undefined method_missing null pointer dereference to shopify-scripts - 6 upvotes, $8000
  47. Invalid memory write caused by incorrect upper bound in array_copy to shopify-scripts - 6 upvotes, $1000
  48. Double free of filename after codegen error to shopify-scripts - 6 upvotes, $200
  49. Memory corrouption in mrb_gc_mark to shopify-scripts - 6 upvotes, $100
  50. mrb_str_modify try to write to memory not marked for writing to shopify-scripts - 6 upvotes, $0
  51. attempting double-free using the mruby compiler mrbc to shopify-scripts - 6 upvotes, $0
  52. SIGSEGV - mrb_vm_exec - line:1681 to shopify-scripts - 6 upvotes, $0
  53. SIGSEGV - mrb_obj_value to shopify-scripts - 6 upvotes, $0
  54. SIGABRT - in free to shopify-scripts - 6 upvotes, $0
  55. SIGABRT in mrb_debug_info_append_file to shopify-scripts - 6 upvotes, $0
  56. SIGSEGV in mrb_vm_exec to shopify-scripts - 6 upvotes, $0
  57. heap-buffer-overflow in OP_R_BREAK to shopify-scripts - 6 upvotes, $0
  58. ruby DoS https://www.mruby.science to shopify-scripts - 5 upvotes, $8000
  59. Null pointer dereference regression in parse.y to shopify-scripts - 5 upvotes, $1000
  60. Segfault when passing invalid values to values_at to shopify-scripts - 5 upvotes, $1000
  61. Heap overflow due to off-by-one when expanding stack to shopify-scripts - 5 upvotes, $800
  62. Heap Buffer overflow in mrb_funcall_with_block to shopify-scripts - 5 upvotes, $800
  63. Null pointer dereferences from mrb_vm_exec to shopify-scripts - 5 upvotes, $800
  64. Null pointer dereferences in ary_concat to shopify-scripts - 5 upvotes, $800
  65. Invalid read leading to a segfault to shopify-scripts - 5 upvotes, $800
  66. Heap use-after-free during range creation to shopify-scripts - 5 upvotes, $200
  67. Null pointer dereference in mrb_random_initialize to shopify-scripts - 5 upvotes, $100
  68. SIGSEGV on mruby's mark_tbl() (Invalid memory access) to shopify-scripts - 5 upvotes, $0
  69. SIGSEGV on mruby mrb_str_modify() (Invalid memory access) to shopify-scripts - 5 upvotes, $0
  70. SIGSEV on mrb_ary_splice to shopify-scripts - 5 upvotes, $0
  71. SIGSEGV Null Pointer mrb_str_concat() to shopify-scripts - 5 upvotes, $0
  72. SIGSEGV - mrb_vm_exec - vm.c in line:1272 to shopify-scripts - 5 upvotes, $0
  73. SIGABRT - method_missing - mark_context_stack to shopify-scripts - 5 upvotes, $0
  74. SIGSEGV - vm.c - line:1214 to shopify-scripts - 5 upvotes, $0
  75. mrb_vm_exec - null ptr dereference to shopify-scripts - 5 upvotes, $0
  76. SIGSEGV in str_buf_cat to shopify-scripts - 5 upvotes, $0
  77. SIGSEGV in mrb_class to shopify-scripts - 5 upvotes, $0
  78. SIGABRT - mirb - Double Free to shopify-scripts - 5 upvotes, $0
  79. SEGV on ary_concat to shopify-scripts - 5 upvotes, $0
  80. Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference to shopify-scripts - 4 upvotes, $10000
  81. Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash to shopify-scripts - 4 upvotes, $8000
  82. Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum to shopify-scripts - 4 upvotes, $8000
  83. Segmentation fault due to bad memory access in kh_get_mt to shopify-scripts - 4 upvotes, $8000
  84. Recursion causing uninitialized memory reads leading to a segfault to shopify-scripts - 4 upvotes, $2000
  85. Heap Overflow in mrb_arb_splice to shopify-scripts - 4 upvotes, $800
  86. Heap Buffer Overflow while processing OP_SEND to shopify-scripts - 4 upvotes, $800
  87. Null pointer dereferences in mrb_get_args to shopify-scripts - 4 upvotes, $800
  88. Invalid memory access in mrb_str_format to shopify-scripts - 4 upvotes, $100
  89. Interger overflow in str_substr leading to read/write out of bound memory to shopify-scripts - 4 upvotes, $100
  90. Null pointer dereference in mrb_str_modify to shopify-scripts - 4 upvotes, $0
  91. mrb_vformat() heap overflow could lead to code execution to shopify-scripts - 4 upvotes, $0
  92. heap-buffer-overflow on mruby to shopify-scripts - 4 upvotes, $0
  93. SIGSEGV on mruby mrb_get_args() to shopify-scripts - 4 upvotes, $0
  94. A crash when an exception is caught in a caller and the receiver returned from ensure to shopify-scripts - 4 upvotes, $0
  95. SIGSEGV in mrb_vm_exec to shopify-scripts - 4 upvotes, $0
  96. Aborted - proc.c - line:143 to shopify-scripts - 4 upvotes, $0
  97. SIGSEGV - kh_resize_iv - Null Deref to shopify-scripts - 4 upvotes, $0
  98. SIGSEGV - mrb_vm_exec - line:1312 to shopify-scripts - 4 upvotes, $0
  99. SIGABRT - mrb_realloc_simple - gc.c - line:201 to shopify-scripts - 4 upvotes, $0
  100. SIGSEGV - mrb_yield_with_class to shopify-scripts - 4 upvotes, $0
  101. SIGABRT in only mirb to shopify-scripts - 4 upvotes, $0
  102. SIGSEGV in mrb_vm_exec to shopify-scripts - 4 upvotes, $0
  103. SIGSEGV in mrb_str_inum to shopify-scripts - 4 upvotes, $0
  104. heap use-after-free in mrb_vm_exec() to shopify-scripts - 4 upvotes, $0
  105. mruby heredoc notation to shopify-scripts - 4 upvotes, $0
  106. heap-use-after-free in OP_RESCUE to shopify-scripts - 4 upvotes, $0
  107. mruby-time: Crash host with uninitialized Time obj to shopify-scripts - 3 upvotes, $8000
  108. Crash: A call to Symbol.new leads to a crash when inspecting the resulting object to shopify-scripts - 3 upvotes, $1000
  109. Null pointer dereference in mrb_str_prepend to shopify-scripts - 3 upvotes, $800
  110. Still heap overflow in mrb_ary_splice to shopify-scripts - 3 upvotes, $800
  111. Use After Free in mrb_vm_exec to shopify-scripts - 3 upvotes, $800
  112. Heap Buffer overflow in mrb_ary_unshift to shopify-scripts - 3 upvotes, $800
  113. Invalid Pointer Reference from OP_RESCUE to shopify-scripts - 3 upvotes, $800
  114. Null pointer dereference in 'get_file' to shopify-scripts - 3 upvotes, $800
  115. kh_put_iv SEGFAULT - mruby 1.2.0 to shopify-scripts - 3 upvotes, $800
  116. Null pointer dereference in mrb_class to shopify-scripts - 3 upvotes, $800
  117. Null pointer dereference in OP_ENTER to shopify-scripts - 3 upvotes, $800
  118. Invalid pointer dereference in OP_ENTER to shopify-scripts - 3 upvotes, $800
  119. Null pointer dereferences in kh_copy_mt to shopify-scripts - 3 upvotes, $800
  120. heap-use-after-free in mrb_vm_exec - vm.c:1247 to shopify-scripts - 3 upvotes, $800
  121. Integer Overflow in mrb_ary_set to shopify-scripts - 3 upvotes, $100
  122. Crash in print_backtrace to shopify-scripts - 3 upvotes, $100
  123. Segmentfault at mrb_vm_exec to shopify-scripts - 3 upvotes, $100
  124. Incorrect code generation with redo inside NODE_RESCUE. to shopify-scripts - 3 upvotes, $100
  125. Null pointer dereference in ary_concat to shopify-scripts - 3 upvotes, $0
  126. SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI to shopify-scripts - 3 upvotes, $0
  127. Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval to shopify-scripts - 3 upvotes, $0
  128. segafult in mruby's sprintf - mrb_str_format to shopify-scripts - 3 upvotes, $0
  129. SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf() to shopify-scripts - 3 upvotes, $0
  130. SIGSEGV on mrb_vm_exec() Null Deref to shopify-scripts - 3 upvotes, $0
  131. SIGSEGV - mrb_check_intern_str() - NullPointer to shopify-scripts - 3 upvotes, $0
  132. Segmentation fault - mrb_gc_mark to shopify-scripts - 3 upvotes, $0
  133. Controlled address leak due to type confusion - ASLR bypass to shopify-scripts - 3 upvotes, $0
  134. sprintf gem - format string combined attack to shopify-scripts - 3 upvotes, $0
  135. forgot to add the patch to shopify-scripts - 3 upvotes, $0
  136. mruby heap use-after-free to shopify-scripts - 3 upvotes, $0
  137. SIGSEGV - kh_get_n2s - in /src/symbol.c:37 to shopify-scripts - 3 upvotes, $0
  138. mirb only: stack-buffer-overflow (OOB write) in main() to shopify-scripts - 3 upvotes, $0
  139. heap-buffer-overflow (read outside of buffer) in mrb_vm_exec() to shopify-scripts - 3 upvotes, $0
  140. Crash in ary_concat() to shopify-scripts - 3 upvotes, $0
  141. OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write to shopify-scripts - 3 upvotes, $0
  142. Heap Overflow in fiber_switch triggered from Fiber.transfer to shopify-scripts - 3 upvotes, $0
  143. Segmentation fault while printing backtrace to shopify-scripts - 2 upvotes, $1000
  144. Heap buffer overflow with long array assignment to shopify-scripts - 2 upvotes, $800
  145. Null pointer dereference in mrb_class to shopify-scripts - 2 upvotes, $800
  146. Null pointer dereference in mark_context_stack to shopify-scripts - 2 upvotes, $800
  147. SIGSEGV in array_copy - array.c:71 to shopify-scripts - 2 upvotes, $800
  148. Null pointer dereference with send/method_missing to shopify-scripts - 2 upvotes, $800
  149. Garbage collector crash to shopify-scripts - 2 upvotes, $300
  150. heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c to shopify-scripts - 2 upvotes, $100
  151. SIGABRT in sym_validate_len - symbol.c:44 to shopify-scripts - 2 upvotes, $100
  152. heap use after free in fiber_switch to shopify-scripts - 2 upvotes, $100
  153. Invalid Pointer reference in L_RESCUE to shopify-scripts - 2 upvotes, $100
  154. Segmentation fault due to invalid memory access in codegen when using break with the 127th argument a constant to shopify-scripts - 2 upvotes, $0
  155. Null pointer dereference due to bug in codegen with negation of floats to shopify-scripts - 2 upvotes, $0
  156. Null pointer dereference in mrb_str_concat to shopify-scripts - 2 upvotes, $0
  157. Invalid memory access while freeing memory, caused by invalid type passed to mrb_ary_unshift to shopify-scripts - 2 upvotes, $0
  158. Denial of service (segfault) due to null pointer dereference in mrb_vm_exec to shopify-scripts - 2 upvotes, $0
  159. Heap use-after-free in mrb_vm_exec to shopify-scripts - 2 upvotes, $0
  160. Heap buffer overflow in mruby value_move to shopify-scripts - 2 upvotes, $0
  161. Use after free in mruby-mpdecimal to shopify-scripts - 1 upvotes, $800