Debian Mruby vulnerabilities

CVE-2026-1979 [MEDIUM] CVE-2026-1979: mruby - A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exe... A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable

CVE-2025-13120 [MEDIUM] CVE-2025-13120: mruby - A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects ... A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement

CVE-2025-7207 [MEDIUM] CVE-2025-7207: mruby - A vulnerability, which was classified as problematic, was found in mruby up to 3... A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The nam

CVE-2025-12875 [MEDIUM] CVE-2025-12875: mruby - A weakness has been identified in mruby 3.4.0. This vulnerability affects the fu... A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. This patc

CVE-2022-0080 [CRITICAL] CVE-2022-0080: mruby - mruby is vulnerable to Heap-based Buffer Overflow mruby is vulnerable to Heap-based Buffer Overflow Scope: local bookworm: resolved (fixed in 3.0.0-3) bullseye: open forky: resolved (fixed in 3.0.0-3) sid: resolved (fixed in 3.0.0-3) trixie: resolved (fixed in 3.0.0-3)

CVE-2022-1286 [CRITICAL] CVE-2022-1286: mruby - heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mr... heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. Scope: local bookworm: resolved (fixed in 3.0.0-4) bullseye: open forky: resolved (fixed in 3.0.0-4) sid: resolved (fixed in 3.0.0-4) trixie: resolved (fixed in 3.0.0-4)

CVE-2022-1212 [CRITICAL] CVE-2022-1212: mruby - Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby pri... Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. Scope: local bookworm: resolved (fixed in 3.0.0-4) bullseye: open forky: resolved (fixed in 3.0.0-4) sid: resolved (fixed in 3.0.0-4) trixie: resolved (fixed in 3.0.0-4)

CVE-2022-1427 [HIGH] CVE-2022-1427: mruby - Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby pri... Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. Scope: local bookworm: resolved (fixed in 3.1.0-1) bullseye: open forky: resolved (fixed in 3.1.0-1) sid: resolved (fixed in 3.1.0-1) trixie: resolved (fixed in 3.1.0-1)

CVE-2022-0481 [HIGH] CVE-2022-0481: mruby - NULL Pointer Dereference in Homebrew mruby prior to 3.2. NULL Pointer Dereference in Homebrew mruby prior to 3.2. Scope: local bookworm: resolved (fixed in 3.1.0-1) bullseye: open forky: resolved (fixed in 3.1.0-1) sid: resolved (fixed in 3.1.0-1) trixie: resolved (fixed in 3.1.0-1)

CVE-2022-0240 [HIGH] CVE-2022-0240: mruby - mruby is vulnerable to NULL Pointer Dereference mruby is vulnerable to NULL Pointer Dereference Scope: local bookworm: resolved (fixed in 3.1.0-1) bullseye: open forky: resolved (fixed in 3.1.0-1) sid: resolved (fixed in 3.1.0-1) trixie: resolved (fixed in 3.1.0-1)

CVE-2022-1071 [HIGH] CVE-2022-1071: mruby - User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. Scope: local bookworm: resolved (fixed in 3.1.0-1) bullseye: open forky: resolved (fixed in 3.1.0-1) sid: resolved (fixed in 3.1.0-1) trixie: resolved (fixed in 3.1.0-1)

CVE-2022-1201 [MEDIUM] CVE-2022-1201: mruby - NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mr... NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. Scope: local bookworm: resolved (fixed in 3.1.0-1) bullseye: open forky: resolved (fixed in 3.1.0-1) sid: resolved (fixed in 3.1.0-1) trixie: resolved (fixe

CVE-2022-0890 [MEDIUM] CVE-2022-0890: mruby - NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. Scope: local bookworm: resolved (fixed in 3.1.0-1) bullseye: open forky: resolved (fixed in 3.1.0-1) sid: resolved (fixed in 3.1.0-1) trixie: resolved (fixed in 3.1.0-1)

CVE-2022-1934 [HIGH] CVE-2022-1934: mruby - Use After Free in GitHub repository mruby/mruby prior to 3.2. Use After Free in GitHub repository mruby/mruby prior to 3.2. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-0717 [CRITICAL] CVE-2022-0717: mruby - Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-0570 [CRITICAL] CVE-2022-0570: mruby - Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-1276 [CRITICAL] CVE-2022-1276: mruby - Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2... Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-0614 [MEDIUM] CVE-2022-0614: mruby - Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-0630 [HIGH] CVE-2022-0630: mruby - Out-of-bounds Read in Homebrew mruby prior to 3.2. Out-of-bounds Read in Homebrew mruby prior to 3.2. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2022-0623 [CRITICAL] CVE-2022-0623: mruby - Out-of-bounds Read in Homebrew mruby prior to 3.2. Out-of-bounds Read in Homebrew mruby prior to 3.2. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved