Source: mruby X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerability was published for mruby. CVE-2025-13120[0]: | A vulnerability has been found in mruby up to 3.4.0. This | vulnerability affects the function sort_cmp of the file src/array.c. | Such manipulation leads to use after free. An attack has to be | approached locally. The exploit has been disclosed to the public and | may be used. The name of the patch is | eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to | implement a patch to correct this issue. https://github.com/mruby/mruby/issues/6649 Fixed by: https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-13120 https://www.cve.org/CVERecord?id=CVE-2025-13120 Please adjust the affected versions in the BTS as needed.
