A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-11-13
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-07-09
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-14
Use After Free in GitHub repository mruby/mruby prior to 3.2.
CVSS Score
5.1
EPSS Score
0.001
Published
2022-05-31
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.
CVSS Score
7.7
EPSS Score
0.002
Published
2022-04-23
heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
CVSS Score
5.9
EPSS Score
0.006
Published
2022-04-10
Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
CVSS Score
8.4
EPSS Score
0.008
Published
2022-04-10
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
CVSS Score
9.3
EPSS Score
0.003
Published
2022-04-05
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-04-02
use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-03-27
Page 1