CVE-2025-13397

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-13397

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-13397.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-13397

Published

2025-11-19T16:15:47.347Z

Modified

2025-12-03T15:23:31.045245Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue.

References

Affected packages

Git / github.com/mrubyc/mrubyc

Affected ranges

Type: GIT
Repo: https://github.com/mrubyc/mrubyc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

009111904807b8567262036bf45297c3da8f1c87

Affected versions

Other

beta2

beta3

beta4

release1.*

release1.0

release1.1

release1.1RC1

release1.1RC2

release1.2

release2.*

release2.0

release2.1

release3.*

release3.1

release3.2

release3.2-beta1

release3.2-rc1

release3.3

release3.3.1

release3.4

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "source": "https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2025-13397-c074f359",
        "digest": {
            "function_hash": "79142215126855726851561168407461939967",
            "length": 1160.0
        },
        "target": {
            "file": "src/alloc.c",
            "function": "mrbc_raw_realloc"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2025-13397-c8069b31",
        "digest": {
            "line_hashes": [
                "252907259741965015429048688671865759136",
                "31793476453168332436203216682406175085",
                "96407396698854802965844241235553744214",
                "156002919658214048247621089207244992631",
                "12677554200944974588762101313805173149"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/alloc.c"
        }
    }
]