Fabre

#1120796 mruby: CVE-2025-13120 #1120796

Package:: src:mruby

Source:: src:mruby

Submitter:: Moritz Mühlenhoff

Date:: 2025-11-20 17:39:06 UTC

Severity:: normal

Tags:

#1120796#5

Date:: 2025-11-16 13:17:08 UTC

From:

To:

Hi,

The following vulnerability was published for mruby.

CVE-2025-13120[0]:
| A vulnerability has been found in mruby up to 3.4.0. This
| vulnerability affects the function sort_cmp of the file src/array.c.
| Such manipulation leads to use after free. An attack has to be
| approached locally. The exploit has been disclosed to the public and
| may be used. The name of the patch is
| eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to
| implement a patch to correct this issue.

https://github.com/mruby/mruby/issues/6649
Fixed by: https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-13120
https://www.cve.org/CVERecord?id=CVE-2025-13120

Please adjust the affected versions in the BTS as needed.

#1120796 mruby: CVE-2025-13120 #1120796

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)