CVE-2025-13397

LOW

S-itoc Mruby/c < 3.4 - NULL Pointer Dereference

Title source: rule

Description

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue.

References (6)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.332925

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.332925

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.692130

[Issue Tracking] https://github.com/mrubyc/mrubyc/issues/244

[Issue Tracking] https://github.com/mrubyc/mrubyc/issues/244#issuecomment-3400382026

[Patch] https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87

View Patch ZIP pw:eip

Scores

CVSS v3 3.3

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476 CWE-404

Status published

Products (1)

s-itoc/mruby\/c < 3.4

Published Nov 19, 2025

Tracked Since Feb 18, 2026