CVE-2022-1201 — NULL Pointer Dereference in Mruby

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 65.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mruby Mruby Mruby Debian Mruby

Timeline

PublishedApr 2

Latest updateOct 22

Description

NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

▶NVDmruby/mruby< 3.2

▶debiandebian/mruby< mruby 3.1.0-1 (bookworm)

▶CVEListV5mruby/mruby_mrubyunspecified — 3.2

▶Debianmruby/mruby< 3.1.0-1+2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-p2wj-9vfc-2xj7: NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3↗2022-04-03

▶

OSV

CVE-2022-1201: NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3↗2022-04-02

▶

📋Vendor Advisories

Debian

CVE-2022-1201: mruby - NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mr...↗2022

▶

📄Research Papers

arXiv

SEC-bench: Automated Benchmarking of LLM Agents on Real-World Software Security Tasks↗2025-10-22

▶