漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec
Vulnerability Description
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
Gravity 安全漏洞
Vulnerability Description
Gravity是Marco Bambini个人开发者的一种用 C 编写的强大的、动态类型的、轻量级的、可嵌入的编程语言。用于过程编程、面向对象编程、函数式编程和数据驱动编程。 Gravity 0.9.6之前版本存在安全漏洞,该漏洞源于gravity_vm_exec函数中存在堆缓冲区溢出,攻击者可通过制作包含许多全局字符串字面量的脚本来写入越界内存,可能导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A