Detections
Analytics

CVE-2025-7207

medium

Description

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

References

https://vuldb.com/?submit.607683

https://vuldb.com/?id.315156

https://vuldb.com/?ctiid.315156

https://github.com/user-attachments/files/19619499/mruby_crash.txt

https://github.com/mruby/mruby/issues/6509#event-17145516649

https://github.com/mruby/mruby/issues/6509

https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9

Details

Source: Mitre, NVD

Published: 2025-07-09

Updated: 2025-07-10

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Severity: Low

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00013