mruby array.c ary_fill_exec out-of-bounds write_CVE-2025-12875

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue.

Basic Information

ID CVE-2025-12875

Source VulDB

Published Nov 7, 2025 at 20:32

Affected Product

Vendor n/a

Product mruby

Version 3.4.0

Affected Versions n/a mruby 3.4.0

CWE Classification

CWE-787 CWE-119

References

{
    "lastseen": "",
    "description": "A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue.",
    "published": "2025-11-07T20:32:07.100Z",
    "modified": "2025-11-07T20:32:07.100Z",
    "type": "cve",
    "title": "mruby array.c ary_fill_exec out-of-bounds write",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.331511\nhttps://vuldb.com/?ctiid.331511\nhttps://vuldb.com/?submit.680879\nhttps://github.com/mruby/mruby/issues/6650\nhttps://github.com/mruby/mruby/issues/6650#event-20443453808\nhttps://github.com/mruby/mruby/issues/6650#issuecomment-3430851605\nhttps://github.com/makesoftwaresafe/mruby/commit/93619f06dd378db6766666b30c08978311c7ec94",
    "id": "CVE-2025-12875",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "n/a mruby 3.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mruby",
    "version": "3.4.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}