CNNVD-202511-770 Information

CNNVD ID

CNNVD-202511-770

Related CVE

CVE-2025-12875

• CNNVD Published: 2025-11-07

Description (Chinese)

mruby是makesoftwaresafe开源的一款Ruby语言的轻量级实现。 mruby 3.4.0版本存在缓冲区错误漏洞，该漏洞源于对文件mrbgems/mruby-array-ext/src/array.c中函数ary_fill_exec的参数start/length的错误操作，可能导致越界写入。

Description (English)

Mruby is a lightweight of the Ruby language that is an open source of makingsoftwaresafe. Mruby 3.4.0 has an error loophole in the buffer zone, which arises out of the error in the parameter start/length of function ary fill exec in document mrbgems/mruby-array-ext/src/array.c, which may lead to cross-border writing.

Hazard Level

High

Vulnerability Type

缓冲区错误

Affected Vendor

makesoftwaresafe

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/mruby/mruby/ https://vuldb.com/?ctiid.331511 https://github.com/mruby/mruby/issues/6650#event-20443453808 https://github.com/makesoftwaresafe/mruby/commit/93619f06dd378db6766666b30c08978311c7ec94 https://github.com/mruby/mruby/issues/6650#issuecomment-3430851605 https://vuldb.com/?id.331511 https://vuldb.com/?submit.680879 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12875 https://access.redhat.com/security/cve/cve-2025-12875