Fabre

#1127317 mruby: CVE-2026-1979 #1127317

Package:: src:mruby

Source:: src:mruby

Submitter:: Moritz Mühlenhoff

Date:: 2026-02-23 18:04:09 UTC

Severity:: normal

Tags:

#1127317#5

Date:: 2026-02-06 21:23:51 UTC

From:

To:

Hi,

The following vulnerability was published for mruby.

CVE-2026-1979[0]:
| A flaw has been found in mruby up to 3.4.0. This affects the
| function mrb_vm_exec of the file src/vm.c of the component JMPNOT-
| to-JMPIF Optimization. Executing a manipulation can lead to use
| after free. The attack needs to be launched locally. The exploit has
| been published and may be used. This patch is called
| e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to
| implement a patch to correct this issue.

https://github.com/mruby/mruby/issues/6701
https://github.com/sysfce2/mruby/commit/e50f15c1c6e131fa7934355eb02b8173b13df415


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-1979
https://www.cve.org/CVERecord?id=CVE-2026-1979

Please adjust the affected versions in the BTS as needed.

#1127317 mruby: CVE-2026-1979 #1127317

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)