Yukihiro "Matz" Matsumoto

32 exploits | Active since Jun 2017
CVE-2022-1212 | CRITICAL | WRITEUP
mruby < 3.0.0 - Use After Free
Use-after-free in str_escape in the GitHub repository mruby/mruby prior to 3.2. Arbitrary code execution is possible if exploited.
CVSS 9.8
CVE-2022-1276 | CRITICAL | WRITEUP
mruby < 3.2 - Out-of-Bounds Read
Out-of-bounds read in mrb_get_args in the GitHub repository mruby/mruby prior to 3.2. Arbitrary code execution is possible if exploited.
CVSS 9.8
CVE-2022-1286 | CRITICAL | WRITEUP
mruby < 3.2 - Out-of-Bounds Write
Heap buffer overflow in mrb_vm_exec in the GitHub repository mruby/mruby prior to 3.2. Arbitrary code execution is possible if exploited.
CVSS 9.8
CVE-2025-12875 | MEDIUM | WRITEUP
mruby 3.4.0 - Memory Corruption
A weakness has been identified in mruby 3.4.0. It affects the function ary_fill_exec in the file mrbgems/mruby-array-ext/src/array.c. Manipulating the argument start/length can lead to an out-of-bounds write. The attack must be launched locally. The exploit has been made available to the public and could be used for attacks. The patch is identified as 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue.
CVSS 5.3
CVE-2025-13120 | MEDIUM | WRITEUP
mruby < 3.4.0 - Use After Free
A vulnerability has been found in mruby up to 3.4.0. It affects the function sort_cmp in the file src/array.c. Manipulation leads to a use after free. The attack must be launched locally. The exploit has been disclosed to the public and may be used. The patch is identified as eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to apply a patch to correct this issue.
CVSS 5.3
CVE-2025-7207 | LOW | WRITEUP
mruby < 3.4.0 - Out-of-Bounds Write
A vulnerability classified as problematic was found in mruby up to 3.4.0-rc2. It affects the function scope_new in the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. Manipulation leads to a heap-based buffer overflow. The attack must be launched locally. The exploit has been disclosed to the public and may be used. The patch is identified as 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.
CVSS 3.3
CVE-2026-1979 | MEDIUM | WRITEUP
mruby < 3.4.0 - Use After Free
A flaw has been found in mruby up to 3.4.0. It affects the function mrb_vm_exec in the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Manipulation can lead to a use after free. The attack must be launched locally. The exploit has been published and may be used. The patch is identified as e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to apply a patch to correct this issue.
CVSS 5.3