1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
# Security Policy
## Reporting a Vulnerability
If you have any security concern, contact <matz@ruby.or.jp>.
## Scope
We consider the following issues as vulnerabilities:
- Remote code execution
- Crash caused by a valid Ruby script
We _don't_ consider the following issues as vulnerabilities:
- Runtime C undefined behavior (including integer overflow)
- Crash caused by misused API
- Crash caused by modified compiled binary
- ASAN/Valgrind warning for too big memory allocation
mruby assumes `malloc(3)` returns `NULL` for too big allocations
|
