Skip to content

Latest commit

 

History

History
163 lines (162 loc) · 20.1 KB

TOPSHOPIFYSCRIPTS.md

File metadata and controls

163 lines (162 loc) · 20.1 KB
Raw

Top reports from shopify-scripts program at HackerOne:

  1. DoS: type confusion in mrb_no_method_error to shopify-scripts - 60 upvotes, $20000
  2. Type confusion in mrb_exc_set leading to memory corruption to shopify-scripts - 40 upvotes, $20000
  3. Crash in mrb_ary_push to shopify-scripts - 37 upvotes, $800
  4. Type confusion in wrap_decimal leading to memory corruption to shopify-scripts - 35 upvotes, $18000
  5. Buffer overflow in yywarning_s to shopify-scripts - 33 upvotes, $1000
  6. Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - 29 upvotes, $20000
  7. TOCTTOU bug in mrb_str_setbyte leading the memory corruption to shopify-scripts - 23 upvotes, $20000
  8. Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox to shopify-scripts - 22 upvotes, $10000
  9. Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory to shopify-scripts - 20 upvotes, $10000
  10. Null pointer dereference due to TOCTTOU bug in mrb_time_initialize to shopify-scripts - 15 upvotes, $10000
  11. Exception cause SIGABRT to shopify-scripts - 13 upvotes, $10000
  12. Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop to shopify-scripts - 13 upvotes, $10000
  13. Null target_class DoS to shopify-scripts - 13 upvotes, $8000
  14. Segmentation fault when a Ruby method is invoked by a C method via Object#send to shopify-scripts - 13 upvotes, $8000
  15. SIGABRT - mrb_default_allocf to shopify-scripts - 13 upvotes, $0
  16. Buffer overflow in mrb_time_asctime to shopify-scripts - 12 upvotes, $10000
  17. Heap buffer oveflow with many arguments to shopify-scripts - 12 upvotes, $800
  18. Deleting Key-value pair from Frozen HASH or Clearing a Frozen HASH to shopify-scripts - 12 upvotes, $0
  19. Clearing , Shifting and Pop Value from Frozen Array to shopify-scripts - 12 upvotes, $0
  20. Certain inputs cause tight C-level recursion leading to process stack overflow to shopify-scripts - 11 upvotes, $10000
  21. NULL pointer dereference when parsing ternary operators to shopify-scripts - 10 upvotes, $10000
  22. Broken handling of maximum number of method call arguments leads to segfault to shopify-scripts - 10 upvotes, $10000
  23. Memory disclosure in mruby String#lines method to shopify-scripts - 10 upvotes, $2000
  24. Segmentation fault on program counter to shopify-scripts - 10 upvotes, $0
  25. Crash: Initialize Decimal with itself triggers an assertion to shopify-scripts - 9 upvotes, $10000
  26. SIGSEGV when invalid argument on remove_method to shopify-scripts - 9 upvotes, $10000
  27. Null pointer derefence due to bug in codegen with negation without using value to shopify-scripts - 9 upvotes, $10000
  28. Denial of service due to invalid memory access in mrb_ary_concat to shopify-scripts - 9 upvotes, $8000
  29. NULL pointer dereference in mrb_check_frozen to shopify-scripts - 9 upvotes, $1000
  30. Denial of Service in mruby due to null pointer dereference to shopify-scripts - 8 upvotes, $8000
  31. Read after free in mrb_vm_exec with OP_ARYCAT reading R(B) to shopify-scripts - 8 upvotes, $1000
  32. Incorrect code generation when result of NODE_NEGATE is not used to shopify-scripts - 8 upvotes, $1000
  33. kh_get_n2s() stack overrun to shopify-scripts - 8 upvotes, $800
  34. Heap Buffer Overflow in mrb_hash_keys to shopify-scripts - 8 upvotes, $800
  35. SIGSEGV - mrb_obj_extend - line:413 to shopify-scripts - 8 upvotes, $100
  36. Range#initialize_copy null pointer dereference to shopify-scripts - 7 upvotes, $10000
  37. Memory disclosure in timegm to shopify-scripts - 7 upvotes, $1000
  38. Invalid read in str_replace_partial to shopify-scripts - 7 upvotes, $1000
  39. Use After Free in str_replace to shopify-scripts - 7 upvotes, $800
  40. Use-after-free leading to an invalid pointer dereference to shopify-scripts - 7 upvotes, $800
  41. Null pointer dereference in ary_concat to shopify-scripts - 7 upvotes, $800
  42. SIGABRT - mirb and mruby to shopify-scripts - 7 upvotes, $800
  43. SIGSEGV - mark_context_stack to shopify-scripts - 7 upvotes, $800
  44. Struct type confusion RCE to shopify-scripts - 6 upvotes, $18000
  45. Range constructor type confusion DoS to shopify-scripts - 6 upvotes, $10000
  46. Undefined method_missing null pointer dereference to shopify-scripts - 6 upvotes, $8000
  47. Invalid memory write caused by incorrect upper bound in array_copy to shopify-scripts - 6 upvotes, $1000
  48. mrb_str_modify try to write to memory not marked for writing to shopify-scripts - 6 upvotes, $800
  49. SIGSEGV - mrb_vm_exec - line:1681 to shopify-scripts - 6 upvotes, $800
  50. SIGABRT - in free to shopify-scripts - 6 upvotes, $800
  51. SIGABRT in mrb_debug_info_append_file to shopify-scripts - 6 upvotes, $800
  52. SIGSEGV in mrb_vm_exec to shopify-scripts - 6 upvotes, $800
  53. heap-buffer-overflow in OP_R_BREAK to shopify-scripts - 6 upvotes, $800
  54. Double free of filename after codegen error to shopify-scripts - 6 upvotes, $200
  55. Memory corrouption in mrb_gc_mark to shopify-scripts - 6 upvotes, $100
  56. attempting double-free using the mruby compiler mrbc to shopify-scripts - 6 upvotes, $0
  57. SIGSEGV - mrb_obj_value to shopify-scripts - 6 upvotes, $0
  58. SIGSEGV on mruby's mark_tbl() (Invalid memory access) to shopify-scripts - 5 upvotes, $8000
  59. SIGSEGV on mruby mrb_str_modify() (Invalid memory access) to shopify-scripts - 5 upvotes, $8000
  60. SIGSEV on mrb_ary_splice to shopify-scripts - 5 upvotes, $8000
  61. ruby DoS https://www.mruby.science to shopify-scripts - 5 upvotes, $8000
  62. Null pointer dereference regression in parse.y to shopify-scripts - 5 upvotes, $1000
  63. Segfault when passing invalid values to values_at to shopify-scripts - 5 upvotes, $1000
  64. Heap overflow due to off-by-one when expanding stack to shopify-scripts - 5 upvotes, $800
  65. SIGSEGV Null Pointer mrb_str_concat() to shopify-scripts - 5 upvotes, $800
  66. Heap Buffer overflow in mrb_funcall_with_block to shopify-scripts - 5 upvotes, $800
  67. SIGSEGV - mrb_vm_exec - vm.c in line:1272 to shopify-scripts - 5 upvotes, $800
  68. SIGSEGV - vm.c - line:1214 to shopify-scripts - 5 upvotes, $800
  69. Null pointer dereferences from mrb_vm_exec to shopify-scripts - 5 upvotes, $800
  70. Null pointer dereferences in ary_concat to shopify-scripts - 5 upvotes, $800
  71. SIGSEGV in mrb_class to shopify-scripts - 5 upvotes, $800
  72. Invalid read leading to a segfault to shopify-scripts - 5 upvotes, $800
  73. SEGV on ary_concat to shopify-scripts - 5 upvotes, $800
  74. Heap use-after-free during range creation to shopify-scripts - 5 upvotes, $200
  75. Null pointer dereference in mrb_random_initialize to shopify-scripts - 5 upvotes, $100
  76. SIGABRT - method_missing - mark_context_stack to shopify-scripts - 5 upvotes, $100
  77. SIGSEGV in str_buf_cat to shopify-scripts - 5 upvotes, $100
  78. SIGABRT - mirb - Double Free to shopify-scripts - 5 upvotes, $100
  79. mrb_vm_exec - null ptr dereference to shopify-scripts - 5 upvotes, $0
  80. Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash to shopify-scripts - 4 upvotes, $8000
  81. Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum to shopify-scripts - 4 upvotes, $8000
  82. Segmentation fault due to bad memory access in kh_get_mt to shopify-scripts - 4 upvotes, $8000
  83. Heap Overflow in mrb_arb_splice to shopify-scripts - 4 upvotes, $800
  84. Null pointer dereference in mrb_str_modify to shopify-scripts - 4 upvotes, $800
  85. SIGSEGV on mruby mrb_get_args() to shopify-scripts - 4 upvotes, $800
  86. A crash when an exception is caught in a caller and the receiver returned from ensure to shopify-scripts - 4 upvotes, $800
  87. SIGSEGV in mrb_vm_exec to shopify-scripts - 4 upvotes, $800
  88. Aborted - proc.c - line:143 to shopify-scripts - 4 upvotes, $800
  89. SIGSEGV - kh_resize_iv - Null Deref to shopify-scripts - 4 upvotes, $800
  90. Heap Buffer Overflow while processing OP_SEND to shopify-scripts - 4 upvotes, $800
  91. SIGABRT in only mirb to shopify-scripts - 4 upvotes, $800
  92. Null pointer dereferences in mrb_get_args to shopify-scripts - 4 upvotes, $800
  93. SIGSEGV in mrb_str_inum to shopify-scripts - 4 upvotes, $800
  94. heap use-after-free in mrb_vm_exec() to shopify-scripts - 4 upvotes, $800
  95. mruby heredoc notation to shopify-scripts - 4 upvotes, $800
  96. heap-use-after-free in OP_RESCUE to shopify-scripts - 4 upvotes, $800
  97. mrb_vformat() heap overflow could lead to code execution to shopify-scripts - 4 upvotes, $100
  98. heap-buffer-overflow on mruby to shopify-scripts - 4 upvotes, $100
  99. Interger overflow in str_substr leading to read/write out of bound memory to shopify-scripts - 4 upvotes, $100
  100. SIGSEGV - mrb_vm_exec - line:1312 to shopify-scripts - 4 upvotes, $100
  101. SIGABRT - mrb_realloc_simple - gc.c - line:201 to shopify-scripts - 4 upvotes, $100
  102. SIGSEGV in mrb_vm_exec to shopify-scripts - 4 upvotes, $100
  103. SIGSEGV - mrb_yield_with_class to shopify-scripts - 4 upvotes, $0
  104. Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference to shopify-scripts - 3 upvotes, $10000
  105. mruby-time: Crash host with uninitialized Time obj to shopify-scripts - 3 upvotes, $8000
  106. Recursion causing uninitialized memory reads leading to a segfault to shopify-scripts - 3 upvotes, $2000
  107. Crash: A call to Symbol.new leads to a crash when inspecting the resulting object to shopify-scripts - 3 upvotes, $1000
  108. Null pointer dereference in mrb_str_prepend to shopify-scripts - 3 upvotes, $800
  109. Still heap overflow in mrb_ary_splice to shopify-scripts - 3 upvotes, $800
  110. SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI to shopify-scripts - 3 upvotes, $800
  111. Use After Free in mrb_vm_exec to shopify-scripts - 3 upvotes, $800
  112. Heap Buffer overflow in mrb_ary_unshift to shopify-scripts - 3 upvotes, $800
  113. SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf() to shopify-scripts - 3 upvotes, $800
  114. SIGSEGV on mrb_vm_exec() Null Deref to shopify-scripts - 3 upvotes, $800
  115. SIGSEGV - mrb_check_intern_str() - NullPointer to shopify-scripts - 3 upvotes, $800
  116. forgot to add the patch to shopify-scripts - 3 upvotes, $800
  117. Invalid Pointer Reference from OP_RESCUE to shopify-scripts - 3 upvotes, $800
  118. Null pointer dereference in 'get_file' to shopify-scripts - 3 upvotes, $800
  119. kh_put_iv SEGFAULT - mruby 1.2.0 to shopify-scripts - 3 upvotes, $800
  120. Null pointer dereference in mrb_class to shopify-scripts - 3 upvotes, $800
  121. Null pointer dereference in OP_ENTER to shopify-scripts - 3 upvotes, $800
  122. Invalid pointer dereference in OP_ENTER to shopify-scripts - 3 upvotes, $800
  123. mruby heap use-after-free to shopify-scripts - 3 upvotes, $800
  124. SIGSEGV - kh_get_n2s - in /src/symbol.c:37 to shopify-scripts - 3 upvotes, $800
  125. Null pointer dereferences in kh_copy_mt to shopify-scripts - 3 upvotes, $800
  126. Crash in ary_concat() to shopify-scripts - 3 upvotes, $800
  127. heap-use-after-free in mrb_vm_exec - vm.c:1247 to shopify-scripts - 3 upvotes, $800
  128. OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write to shopify-scripts - 3 upvotes, $200
  129. Invalid memory access in mrb_str_format to shopify-scripts - 3 upvotes, $100
  130. Integer Overflow in mrb_ary_set to shopify-scripts - 3 upvotes, $100
  131. Crash in print_backtrace to shopify-scripts - 3 upvotes, $100
  132. Segmentfault at mrb_vm_exec to shopify-scripts - 3 upvotes, $100
  133. Incorrect code generation with redo inside NODE_RESCUE. to shopify-scripts - 3 upvotes, $100
  134. segafult in mruby's sprintf - mrb_str_format to shopify-scripts - 3 upvotes, $100
  135. Segmentation fault - mrb_gc_mark to shopify-scripts - 3 upvotes, $100
  136. Controlled address leak due to type confusion - ASLR bypass to shopify-scripts - 3 upvotes, $100
  137. sprintf gem - format string combined attack to shopify-scripts - 3 upvotes, $100
  138. Heap Overflow in fiber_switch triggered from Fiber.transfer to shopify-scripts - 3 upvotes, $100
  139. Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval to shopify-scripts - 3 upvotes, $0
  140. mirb only: stack-buffer-overflow (OOB write) in main() to shopify-scripts - 3 upvotes, $0
  141. heap-buffer-overflow (read outside of buffer) in mrb_vm_exec() to shopify-scripts - 3 upvotes, $0
  142. Segmentation fault while printing backtrace to shopify-scripts - 2 upvotes, $1000
  143. Heap buffer overflow with long array assignment to shopify-scripts - 2 upvotes, $800
  144. Null pointer dereference in mrb_class to shopify-scripts - 2 upvotes, $800
  145. Null pointer dereference in mark_context_stack to shopify-scripts - 2 upvotes, $800
  146. Heap use-after-free in mrb_vm_exec to shopify-scripts - 2 upvotes, $800
  147. Heap buffer overflow in mruby value_move to shopify-scripts - 2 upvotes, $800
  148. SIGSEGV in array_copy - array.c:71 to shopify-scripts - 2 upvotes, $800
  149. Null pointer dereference with send/method_missing to shopify-scripts - 2 upvotes, $800
  150. Garbage collector crash to shopify-scripts - 2 upvotes, $300
  151. heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c to shopify-scripts - 2 upvotes, $100
  152. SIGABRT in sym_validate_len - symbol.c:44 to shopify-scripts - 2 upvotes, $100
  153. heap use after free in fiber_switch to shopify-scripts - 2 upvotes, $100
  154. Invalid Pointer reference in L_RESCUE to shopify-scripts - 2 upvotes, $100
  155. Segmentation fault due to invalid memory access in codegen when using break with the 127th argument a constant to shopify-scripts - 2 upvotes, $0
  156. Null pointer dereference due to bug in codegen with negation of floats to shopify-scripts - 2 upvotes, $0
  157. Null pointer dereference in mrb_str_concat to shopify-scripts - 2 upvotes, $0
  158. Invalid memory access while freeing memory, caused by invalid type passed to mrb_ary_unshift to shopify-scripts - 2 upvotes, $0
  159. Null pointer dereference in ary_concat to shopify-scripts - 2 upvotes, $0
  160. Denial of service (segfault) due to null pointer dereference in mrb_vm_exec to shopify-scripts - 2 upvotes, $0
  161. Use after free in mruby-mpdecimal to shopify-scripts - 1 upvotes, $800