shopify-scripts - HackerOne Bug Reports

4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017

Team	Bounty	Title
shopify-scripts	$800	Use after free in mruby-mpdecimal
shopify-scripts	$800	Null pointer dereference with send/method_missing
shopify-scripts	$100	Heap Overflow in fiber_switch triggered from Fiber.transfer
shopify-scripts	$200	OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write
shopify-scripts	$800	heap-use-after-free in mrb_vm_exec - vm.c:1247
shopify-scripts	$100	heap use after free in fiber_switch
shopify-scripts	$800	Null pointer dereferences in kh_copy_mt
shopify-scripts	$800	heap-buffer-overflow (read outside of buffer) in mrb_vm_exec()
shopify-scripts	$100	mirb only: stack-buffer-overflow (OOB write) in main()
shopify-scripts	$100	Invalid Pointer reference in L_RESCUE
shopify-scripts	$100	SIGABRT in sym_validate_len - symbol.c:44
shopify-scripts	$800	Invalid pointer dereference in OP_ENTER
shopify-scripts	$800	SIGSEGV in array_copy - array.c:71
shopify-scripts	$800	Null pointer dereference in OP_ENTER
shopify-scripts	$800	kh_put_iv SEGFAULT - mruby 1.2.0
shopify-scripts	$100	SIGSEGV in mrb_vm_exec
shopify-scripts	$800	SIGSEGV in mrb_str_inum
shopify-scripts	$800	Heap Buffer Overflow in mrb_hash_keys
shopify-scripts	$800	SIGABRT - in free
shopify-scripts	$800	heap use-after-free in mrb_vm_exec()
shopify-scripts	$800	Crash in ary_concat()
shopify-scripts	$800	Null pointer dereferences in mrb_get_args
shopify-scripts	$800	SIGABRT in mrb_debug_info_append_file
shopify-scripts	$800	Null pointer dereference in mrb_class
shopify-scripts	$300	Garbage collector crash
shopify-scripts	$800	SIGSEGV in mrb_class
shopify-scripts	$800	SIGSEGV in mrb_vm_exec
shopify-scripts	$800	Null pointer dereference in ary_concat
shopify-scripts	$100	SIGABRT - mirb - Double Free
shopify-scripts	$800	Null pointer dereferences in ary_concat
shopify-scripts	$800	SIGABRT - mirb and mruby
shopify-scripts	$800	SIGSEGV - mrb_obj_value
shopify-scripts	$800	Use-after-free leading to an invalid pointer dereference
shopify-scripts	$100	SIGSEGV in str_buf_cat
shopify-scripts	$800	SIGABRT in only mirb
shopify-scripts	$800	SIGSEGV - kh_get_n2s - in /src/symbol.c:37
shopify-scripts	$100	sprintf gem - format string combined attack
shopify-scripts	$800	Null pointer dereference in mrb_class
shopify-scripts	$800	SIGSEGV - mrb_yield_with_class
shopify-scripts	$800	Null pointer dereference in 'get_file'
shopify-scripts	$800	Null pointer dereferences from mrb_vm_exec
shopify-scripts	$800	mrb_vm_exec - null ptr dereference
shopify-scripts	$800	Invalid Pointer Reference from OP_RESCUE
shopify-scripts	$800	SIGSEGV - mark_context_stack
shopify-scripts	$800	Heap buffer overflow in mruby value_move
shopify-scripts	$800	Heap buffer overflow with long array assignment
shopify-scripts	$800	Null pointer dereference in mark_context_stack
shopify-scripts	$100	Memory corrouption in mrb_gc_mark
shopify-scripts	$800	Heap use-after-free in mrb_vm_exec
shopify-scripts	$100	Controlled address leak due to type confusion - ASLR bypass
shopify-scripts	$800	Heap Buffer Overflow while processing OP_SEND
shopify-scripts	$800	mruby heap use-after-free
shopify-scripts	$100	Interger overflow in str_substr leading to read/write out of bound memory
shopify-scripts	$800	Use After Free in mrb_vm_exec
shopify-scripts	$800	Heap Buffer overflow in mrb_ary_unshift
shopify-scripts	$100	SIGABRT - method_missing - mark_context_stack
shopify-scripts	$800	A crash when an exception is caught in a caller and the receiver returned from `ensure`
shopify-scripts	$100	segafult in mruby's sprintf - mrb_str_format
shopify-scripts	$800	Heap buffer oveflow with many arguments
shopify-scripts	$1,000	Segmentation fault while printing backtrace
shopify-scripts	$800	forgot to add the patch
shopify-scripts	$100	SIGSEGV - mrb_vm_exec - line:1312
shopify-scripts	$800	Denial of service (segfault) due to null pointer dereference in mrb_vm_exec
shopify-scripts	$800	Denial of service (segfault) due to null pointer dereference in mrb_obj_instance_eval
shopify-scripts	$100	Null pointer dereference in mrb_random_initialize
shopify-scripts	$800	SIGSEGV - vm.c - line:1214
shopify-scripts	$100	Segmentfault at mrb_vm_exec
shopify-scripts	$2,000	Recursion causing uninitialized memory reads leading to a segfault
shopify-scripts	$100	heap-use-after-free /home/operac/testafl/mruby/mrubylast/mruby/src/gc.c
shopify-scripts	$100	Incorrect code generation with redo inside NODE_RESCUE.
shopify-scripts	$800	Aborted - proc.c - line:143
shopify-scripts	$100	SIGABRT - mrb_realloc_simple - gc.c - line:201
shopify-scripts	$100	Crash in print_backtrace
shopify-scripts	$800	Null pointer dereference in mrb_str_modify
shopify-scripts	$800	Still heap overflow in mrb_ary_splice
shopify-scripts	$100	SIGSEGV - mrb_obj_extend - line:413
shopify-scripts	$800	SIGSEGV - mrb_vm_exec - line:1681
shopify-scripts	$800	Heap Buffer overflow in mrb_funcall_with_block
shopify-scripts	$800	Segmentation fault on program counter
shopify-scripts	-	Clearing , Shifting and Pop Value from Frozen Array
shopify-scripts	$800	SIGSEGV - mrb_vm_exec - vm.c in line:1272
shopify-scripts	$800	SIGSEGV in mrb_vm_exec
shopify-scripts	$100	Segmentation fault - mrb_gc_mark
shopify-scripts	$800	Heap overflow due to off-by-one when expanding stack
shopify-scripts	$200	Heap use-after-free during range creation
shopify-scripts	-	Deleting Key-value pair from Frozen HASH or Clearing a Frozen HASH
shopify-scripts	$800	SIGABRT - mrb_default_allocf
shopify-scripts	$800	SIGSEGV - kh_resize_iv - Null Deref
shopify-scripts	$200	Double free of filename after codegen error
shopify-scripts	$800	attempting double-free using the mruby compiler `mrbc`
shopify-scripts	$800	Use After Free in str_replace
shopify-scripts	$800	Null pointer dereference in mrb_str_prepend
shopify-scripts	$800	mrb_str_modify try to write to memory not marked for writing
shopify-scripts	$800	SIGSEGV - mrb_check_intern_str() - NullPointer
shopify-scripts	$1,000	Memory disclosure in timegm
shopify-scripts	$800	SIGSEGV Null Pointer mrb_str_concat()
shopify-scripts	$100	heap-buffer-overflow on mruby
shopify-scripts	$800	kh_get_n2s() stack overrun
shopify-scripts	$800	SIGABRT, SIGSEGV mspace_free() and mrb_default_allocf()
shopify-scripts	$800	SIGSEGV on mrb_vm_exec() Null Deref
shopify-scripts	$800	Heap Overflow in mrb_arb_splice
shopify-scripts	$100	mrb_vformat() heap overflow could lead to code execution
shopify-scripts	$100	Integer Overflow in mrb_ary_set
shopify-scripts	$800	SIGSEGV mrb_obj_freeze() Manipulating Register RAX and RSI
shopify-scripts	$800	SIGSEGV on mruby mrb_get_args()
shopify-scripts	$1,000	Incorrect code generation when result of NODE_NEGATE is not used
shopify-scripts	$100	Invalid memory access in `mrb_str_format`
shopify-scripts	$1,000	Segfault when passing invalid values to `values_at`
shopify-scripts	-	Segmentation fault due to invalid memory access in codegen when using break with the 127th argument a constant
shopify-scripts	$10,000	Certain inputs cause tight C-level recursion leading to process stack overflow
shopify-scripts	$10,000	Buffer overflow in mrb_time_asctime
shopify-scripts	$8,000	Segmentation fault due to bad memory access in kh_get_mt
shopify-scripts	-	Null pointer dereference due to bug in codegen with negation of floats
shopify-scripts	$10,000	Null pointer derefence due to bug in codegen with negation without using value
shopify-scripts	$10,000	Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox
shopify-scripts	$10,000	Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory
shopify-scripts	$1,000	Crash: A call to Symbol.new leads to a crash when inspecting the resulting object
shopify-scripts	$1,000	Invalid memory write caused by incorrect upper bound in array_copy
shopify-scripts	$8,000	Crash: mrb_any_to_s can't handle NilClass, Symbol and Fixnum
shopify-scripts	$10,000	Crash: Initialize Decimal with itself triggers an assertion
shopify-scripts	-	Null pointer dereference in mrb_str_concat
shopify-scripts	$1,000	Null pointer dereference regression in parse.y
shopify-scripts	$18,000	Type confusion in wrap_decimal leading to memory corruption
shopify-scripts	$20,000	Type confusion in mrb_exc_set leading to memory corruption
shopify-scripts	$8,000	Crash: calling Proc::initialize_copy with a Proc instance where initialize never ran leads to a crash
shopify-scripts	$1,000	Read after free in mrb_vm_exec with OP_ARYCAT reading R(B)
shopify-scripts	$8,000	Denial of service due to invalid memory access in mrb_ary_concat
shopify-scripts	$8,000	mruby-time: Crash host with uninitialized Time obj
shopify-scripts	-	Invalid memory access while freeing memory, caused by invalid type passed to mrb_ary_unshift
shopify-scripts	-	Null pointer dereference in ary_concat
shopify-scripts	$8,000	Segmentation fault when a Ruby method is invoked by a C method via Object#send
shopify-scripts	$8,000	Null target_class DoS
shopify-scripts	$10,000	Segfault and/or potential unwanted (byte)code execution with "break" and "\|\|=" inside a loop
shopify-scripts	$8,000	SIGSEGV on mruby's mark_tbl() (Invalid memory access)
shopify-scripts	$8,000	SIGSEGV on mruby mrb_str_modify() (Invalid memory access)
shopify-scripts	$10,000	Broken handling of maximum number of method call arguments leads to segfault
shopify-scripts	$10,000	Null pointer dereference due to TOCTTOU bug in mrb_time_initialize
shopify-scripts	$8,000	SIGSEV on mrb_ary_splice
shopify-scripts	$10,000	Range constructor type confusion DoS
shopify-scripts	$20,000	TOCTTOU bug in mrb_str_setbyte leading the memory corruption
shopify-scripts	$18,000	Struct type confusion RCE
shopify-scripts	$10,000	SIGSEGV when invalid argument on remove_method
shopify-scripts	$20,000	DoS: type confusion in mrb_no_method_error
shopify-scripts	$10,000	Segfault in mruby, mruby_engine and the parent MRI Ruby due to null pointer dereference
shopify-scripts	$8,000	Undefined method_missing null pointer dereference
shopify-scripts	$10,000	Range#initialize_copy null pointer dereference
shopify-scripts	$10,000	NULL pointer dereference when parsing ternary operators
shopify-scripts	$20,000	Use after free vulnerability in mruby Array#to_h causing DOS possible RCE
shopify-scripts	$2,000	Memory disclosure in mruby String#lines method
shopify-scripts	$8,000	Denial of Service in mruby due to null pointer dereference
shopify-scripts	$10,000	Exception cause SIGABRT
shopify-scripts	$8,000	ruby DoS https://www.mruby.science