CNNVD-202511-1606 Information

CNNVD ID

CNNVD-202511-1606

Related CVE

CVE-2025-13120

• CNNVD Published: 2025-11-13

Description (Chinese)

mruby是makesoftwaresafe开源的一款Ruby语言的轻量级实现。 mruby 3.4.0及之前版本存在资源管理错误漏洞，该漏洞源于文件src/array.c中sort_cmp函数存在释放后重用问题。

Description (English)

Mruby is a lightweight of the Ruby language that is an open source of makingsoftwaresafe. Mruby 3.4.0 and previous versions contain a resource management error loophole, which arises from a post-release reuse problem in the src/array.c function.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

makesoftwaresafe

Published

2025-11-13

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.332325 https://github.com/mruby/mruby/issues/6649 https://vuldb.com/?submit.683435 https://github.com/mruby/mruby/issues/6649#issue-3534393003 https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc https://vuldb.com/?id.332325 https://github.com/makesoftwaresafe/mruby/pull/263 https://access.redhat.com/security/cve/cve-2025-13120 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13120