csaf_opensuse - opensuse-su-2025:15333-1

opensuse-su-2025:15333-1

Vulnerability from csaf_opensuse

Published

2025-07-09 00:00

Modified

2025-07-09 00:00

Summary

libmruby3_4_0-3.4.0-1.1 on GA media

Notes

Title of the patch

libmruby3_4_0-3.4.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the libmruby3_4_0-3.4.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15333

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libmruby3_4_0-3.4.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libmruby3_4_0-3.4.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15333",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15333-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0623 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0623/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0717 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0717/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1276 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1276/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-7207 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-7207/"
      }
    ],
    "title": "libmruby3_4_0-3.4.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-09T00:00:00Z",
      "generator": {
        "date": "2025-07-09T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15333-1",
      "initial_release_date": "2025-07-09T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-09T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmruby3_4_0-3.4.0-1.1.aarch64",
                "product": {
                  "name": "libmruby3_4_0-3.4.0-1.1.aarch64",
                  "product_id": "libmruby3_4_0-3.4.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libmruby_core3_4_0-3.4.0-1.1.aarch64",
                "product": {
                  "name": "libmruby_core3_4_0-3.4.0-1.1.aarch64",
                  "product_id": "libmruby_core3_4_0-3.4.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-3.4.0-1.1.aarch64",
                "product": {
                  "name": "mruby-3.4.0-1.1.aarch64",
                  "product_id": "mruby-3.4.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-devel-3.4.0-1.1.aarch64",
                "product": {
                  "name": "mruby-devel-3.4.0-1.1.aarch64",
                  "product_id": "mruby-devel-3.4.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmruby3_4_0-3.4.0-1.1.ppc64le",
                "product": {
                  "name": "libmruby3_4_0-3.4.0-1.1.ppc64le",
                  "product_id": "libmruby3_4_0-3.4.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libmruby_core3_4_0-3.4.0-1.1.ppc64le",
                "product": {
                  "name": "libmruby_core3_4_0-3.4.0-1.1.ppc64le",
                  "product_id": "libmruby_core3_4_0-3.4.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-3.4.0-1.1.ppc64le",
                "product": {
                  "name": "mruby-3.4.0-1.1.ppc64le",
                  "product_id": "mruby-3.4.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-devel-3.4.0-1.1.ppc64le",
                "product": {
                  "name": "mruby-devel-3.4.0-1.1.ppc64le",
                  "product_id": "mruby-devel-3.4.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmruby3_4_0-3.4.0-1.1.s390x",
                "product": {
                  "name": "libmruby3_4_0-3.4.0-1.1.s390x",
                  "product_id": "libmruby3_4_0-3.4.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libmruby_core3_4_0-3.4.0-1.1.s390x",
                "product": {
                  "name": "libmruby_core3_4_0-3.4.0-1.1.s390x",
                  "product_id": "libmruby_core3_4_0-3.4.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-3.4.0-1.1.s390x",
                "product": {
                  "name": "mruby-3.4.0-1.1.s390x",
                  "product_id": "mruby-3.4.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-devel-3.4.0-1.1.s390x",
                "product": {
                  "name": "mruby-devel-3.4.0-1.1.s390x",
                  "product_id": "mruby-devel-3.4.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmruby3_4_0-3.4.0-1.1.x86_64",
                "product": {
                  "name": "libmruby3_4_0-3.4.0-1.1.x86_64",
                  "product_id": "libmruby3_4_0-3.4.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libmruby_core3_4_0-3.4.0-1.1.x86_64",
                "product": {
                  "name": "libmruby_core3_4_0-3.4.0-1.1.x86_64",
                  "product_id": "libmruby_core3_4_0-3.4.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-3.4.0-1.1.x86_64",
                "product": {
                  "name": "mruby-3.4.0-1.1.x86_64",
                  "product_id": "mruby-3.4.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mruby-devel-3.4.0-1.1.x86_64",
                "product": {
                  "name": "mruby-devel-3.4.0-1.1.x86_64",
                  "product_id": "mruby-devel-3.4.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby3_4_0-3.4.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64"
        },
        "product_reference": "libmruby3_4_0-3.4.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby3_4_0-3.4.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le"
        },
        "product_reference": "libmruby3_4_0-3.4.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby3_4_0-3.4.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x"
        },
        "product_reference": "libmruby3_4_0-3.4.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby3_4_0-3.4.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64"
        },
        "product_reference": "libmruby3_4_0-3.4.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby_core3_4_0-3.4.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64"
        },
        "product_reference": "libmruby_core3_4_0-3.4.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby_core3_4_0-3.4.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le"
        },
        "product_reference": "libmruby_core3_4_0-3.4.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby_core3_4_0-3.4.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x"
        },
        "product_reference": "libmruby_core3_4_0-3.4.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmruby_core3_4_0-3.4.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64"
        },
        "product_reference": "libmruby_core3_4_0-3.4.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-3.4.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64"
        },
        "product_reference": "mruby-3.4.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-3.4.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le"
        },
        "product_reference": "mruby-3.4.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-3.4.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x"
        },
        "product_reference": "mruby-3.4.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-3.4.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64"
        },
        "product_reference": "mruby-3.4.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-devel-3.4.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64"
        },
        "product_reference": "mruby-devel-3.4.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-devel-3.4.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le"
        },
        "product_reference": "mruby-devel-3.4.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-devel-3.4.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x"
        },
        "product_reference": "mruby-devel-3.4.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mruby-devel-3.4.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
        },
        "product_reference": "mruby-devel-3.4.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-0623",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0623"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Read in Homebrew mruby prior to 3.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0623",
          "url": "https://www.suse.com/security/cve/CVE-2022-0623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196106 for CVE-2022-0623",
          "url": "https://bugzilla.suse.com/1196106"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-09T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-0623"
    },
    {
      "cve": "CVE-2022-0717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0717",
          "url": "https://www.suse.com/security/cve/CVE-2022-0717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196366 for CVE-2022-0717",
          "url": "https://bugzilla.suse.com/1196366"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-09T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-0717"
    },
    {
      "cve": "CVE-2022-1276",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1276"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1276",
          "url": "https://www.suse.com/security/cve/CVE-2022-1276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198288 for CVE-2022-1276",
          "url": "https://bugzilla.suse.com/1198288"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-09T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-1276"
    },
    {
      "cve": "CVE-2025-7207",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-7207"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
          "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-7207",
          "url": "https://www.suse.com/security/cve/CVE-2025-7207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246138 for CVE-2025-7207",
          "url": "https://bugzilla.suse.com/1246138"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:libmruby_core3_4_0-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-3.4.0-1.1.x86_64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.aarch64",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.s390x",
            "openSUSE Tumbleweed:mruby-devel-3.4.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-09T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-7207"
    }
  ]
}

CVE-2022-0717 (GCVE-0-2022-0717)

Vulnerability from cvelistv5

Published

2022-02-23 02:05

Modified

2024-08-02 23:40

Severity ?

6.8 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-125 - Out-of-bounds Read

Summary

Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.

References

►

URL

Tags

	https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9	x_refsource_CONFIRM
	https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mruby	mruby/mruby	Version: unspecified < 3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:03.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mruby/mruby",
          "vendor": "mruby",
          "versions": [
            {
              "lessThan": "3.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-23T02:05:11",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76"
        }
      ],
      "source": {
        "advisory": "27a851a5-7ebf-409b-854f-b2614771e8f9",
        "discovery": "EXTERNAL"
      },
      "title": "Out-of-bounds Read in mruby/mruby",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0717",
          "STATE": "PUBLIC",
          "TITLE": "Out-of-bounds Read in mruby/mruby"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mruby/mruby",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mruby"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9"
            },
            {
              "name": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76",
              "refsource": "MISC",
              "url": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76"
            }
          ]
        },
        "source": {
          "advisory": "27a851a5-7ebf-409b-854f-b2614771e8f9",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0717",
    "datePublished": "2022-02-23T02:05:11",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-02T23:40:03.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7207 (GCVE-0-2025-7207)

Vulnerability from cvelistv5

Published

2025-07-09 00:02

Modified

2025-07-09 13:08

Severity ?

1.9 (Low) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-119 - Memory Corruption

Summary

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

References

►

URL

Tags

	https://vuldb.com/?id.315156	vdb-entry, technical-description
	https://vuldb.com/?ctiid.315156	signature, permissions-required
	https://vuldb.com/?submit.607683	third-party-advisory
	https://github.com/mruby/mruby/issues/6509	issue-tracking
	https://github.com/mruby/mruby/issues/6509#event-17145516649	issue-tracking
	https://github.com/user-attachments/files/19619499/mruby_crash.txt	exploit
	https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9	patch

Impacted products

	Vendor	Product	Version
	n/a	mruby	Version: 3.4.0-rc1 Version: 3.4.0-rc2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7207",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T13:08:07.309680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T13:08:10.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/mruby/mruby/issues/6509"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "nregs Handler"
          ],
          "product": "mruby",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.4.0-rc1"
            },
            {
              "status": "affected",
              "version": "3.4.0-rc2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "JJLeo (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in mruby bis 3.4.0-rc2 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion scope_new der Datei mrbgems/mruby-compiler/core/codegen.c der Komponente nregs Handler. Mittels Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 1fdd96104180cc0fb5d3cb086b05ab6458911bb9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T00:02:07.237Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-315156 | mruby nregs codegen.c scope_new heap-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.315156"
        },
        {
          "name": "VDB-315156 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.315156"
        },
        {
          "name": "Submit #607683 | mruby mruby 3.4.0-rc2 (commit dd68681) Heap-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.607683"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/mruby/mruby/issues/6509"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/mruby/mruby/issues/6509#event-17145516649"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/user-attachments/files/19619499/mruby_crash.txt"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-07-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-07-07T14:27:08.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "mruby nregs codegen.c scope_new heap-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-7207",
    "datePublished": "2025-07-09T00:02:07.237Z",
    "dateReserved": "2025-07-07T12:21:11.405Z",
    "dateUpdated": "2025-07-09T13:08:10.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0623 (GCVE-0-2022-0623)

Vulnerability from cvelistv5

Published

2022-02-17 06:30

Modified

2024-08-02 23:32

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-125 - Out-of-bounds Read

Summary

Out-of-bounds Read in Homebrew mruby prior to 3.2.

References

►

URL

Tags

	https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad	x_refsource_MISC
	https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	mruby	mruby/mruby	Version: unspecified < 3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mruby/mruby",
          "vendor": "mruby",
          "versions": [
            {
              "lessThan": "3.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-17T06:30:10",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580"
        }
      ],
      "source": {
        "advisory": "5b908ac7-d8f1-4fcd-9355-85df565f7580",
        "discovery": "EXTERNAL"
      },
      "title": "Out-of-bounds Read in mruby/mruby",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0623",
          "STATE": "PUBLIC",
          "TITLE": "Out-of-bounds Read in mruby/mruby"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mruby/mruby",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mruby"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad",
              "refsource": "MISC",
              "url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
            },
            {
              "name": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580"
            }
          ]
        },
        "source": {
          "advisory": "5b908ac7-d8f1-4fcd-9355-85df565f7580",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0623",
    "datePublished": "2022-02-17T06:30:10",
    "dateReserved": "2022-02-16T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1276 (GCVE-0-2022-1276)

Vulnerability from cvelistv5

Published

2022-04-10 09:35

Modified

2024-08-02 23:55

Severity ?

8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-125 - Out-of-bounds Read

Summary

Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

References

►

URL

Tags

	https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25	x_refsource_CONFIRM
	https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	mruby	mruby/mruby	Version: unspecified < 3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mruby/mruby",
          "vendor": "mruby",
          "versions": [
            {
              "lessThan": "3.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-10T09:35:10",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6"
        }
      ],
      "source": {
        "advisory": "6ea041d1-e2aa-472c-bf3e-da5fa8726c25",
        "discovery": "EXTERNAL"
      },
      "title": "Out-of-bounds Read in mrb_get_args  in mruby/mruby",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-1276",
          "STATE": "PUBLIC",
          "TITLE": "Out-of-bounds Read in mrb_get_args  in mruby/mruby"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mruby/mruby",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mruby"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25"
            },
            {
              "name": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6",
              "refsource": "MISC",
              "url": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6"
            }
          ]
        },
        "source": {
          "advisory": "6ea041d1-e2aa-472c-bf3e-da5fa8726c25",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-1276",
    "datePublished": "2022-04-10T09:35:10",
    "dateReserved": "2022-04-08T00:00:00",
    "dateUpdated": "2024-08-02T23:55:24.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2025:15333-1

Vulnerability from csaf_opensuse

CVE-2022-0717 (GCVE-0-2022-0717)

Vulnerability from cvelistv5

CVE-2025-7207 (GCVE-0-2025-7207)

Vulnerability from cvelistv5

CVE-2022-0623 (GCVE-0-2022-0623)

Vulnerability from cvelistv5

CVE-2022-1276 (GCVE-0-2022-1276)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature