
Type confusion in wrap_decimal leading to memory corruption

Critical
shopify-scripts
Submitted None
Reported by raydot

Vulnerability Details

Technical details and impact analysis

Code Injection
Decimal can be redefined, causing the Decimal class lookup in wrap_decimal to be invalid. This can lead to memory corruption or arbitrary code execution. The following snippet results in a native crash in mruby-engine:

    olddecimal = Decimal.new(1)
    Decimal = Hash
    a = -olddecimal
    puts a

I suspect you caught this along with charliesome's similar bug for Struct. If not, I'll follow up with a patch and an RCE exploit.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Code Injection
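
The failure mode described in the report above, as an added example that is not part of the report or of the mruby-engine code base: a simplified C model that contrasts resolving the class by constant name at call time with using a class pointer captured before scripts run and checked before wrapping. All names here (`wrap_by_name`, `wrap_checked`, the constant table, the layout tags) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model: all names are hypothetical, not mruby or mruby-engine code. */
enum layout { LAYOUT_DECIMAL, LAYOUT_HASH };
struct klass { const char *name; enum layout instance_layout; };
struct constant { const char *name; struct klass *value; };
struct object { struct klass *klass; enum layout payload_layout; };

static struct klass decimal_class = { "Decimal", LAYOUT_DECIMAL };
static struct klass hash_class = { "Hash", LAYOUT_HASH };
/* Constant table that script code can rebind, as `Decimal = Hash` does. */
static struct constant constants[] = { { "Decimal", &decimal_class }, { "Hash", &hash_class } };
static struct klass *cached_decimal; /* captured once, before scripts run */

static struct constant *const_find(const char *name) {
    for (size_t i = 0; i < sizeof constants / sizeof constants[0]; i++)
        if (strcmp(constants[i].name, name) == 0) return &constants[i];
    return NULL;
}
static void const_rebind(const char *name, struct klass *k) {
    struct constant *c = const_find(name);
    if (c) c->value = k;
}
static void init_cache(void) { cached_decimal = const_find("Decimal")->value; }

/* Vulnerable pattern: the class is whatever the name resolves to right now. */
static void wrap_by_name(struct object *out) {
    out->klass = const_find("Decimal")->value;
    out->payload_layout = LAYOUT_DECIMAL;
}
/* Hardened pattern: use the cached class and check it before wrapping. */
static int wrap_checked(struct object *out) {
    if (!cached_decimal || cached_decimal->instance_layout != LAYOUT_DECIMAL) return -1;
    out->klass = cached_decimal;
    out->payload_layout = LAYOUT_DECIMAL;
    return 0;
}
/* Nonzero when the class's methods would misread the payload. */
static int is_confused(const struct object *o) {
    return o->klass->instance_layout != o->payload_layout;
}

int main(void) {
    struct object a, b;
    init_cache();
    const_rebind("Decimal", &hash_class); /* models `Decimal = Hash` */
    wrap_by_name(&a);
    printf("by-name: class=%s confused=%d\n", a.klass->name, is_confused(&a));
    if (wrap_checked(&b) == 0)
        printf("checked: class=%s confused=%d\n", b.klass->name, is_confused(&b));
    return 0;
}
```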