CVE-2025-7207 | mruby up to 3.4.0-rc2 nregs codegen.c scope_new heap-based overflow (Issue 6509)

Inserito da Angelo Barbosa | Lug 7, 2025 | CVE

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow.

This vulnerability is traded as CVE-2025-7207. An attack has to be approached locally. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-7207 | mruby up to 3.4.0-rc2 nregs codegen.c scope_new heap-based overflow (Issue 6509)

Post correlati

CVE-2024-49087 | Microsoft Windows up to Server 2025 Mobile Broadband Driver information disclosure

CVE-2024-33506 | Fortinet FortiManager up to 7.0.12/7.2.5/7.4.2 HTTP information disclosure (FG-IR-23-472)

CVE-2024-38632 | Linux Kernel up to 6.6.32/6.9.3 vfio_intx_enable memory leak (0bd22a4966d5/35fef97c33f3/82b951e6fbd3)

CVE-2022-49649 | Linux Kernel up to 5.18.12 xenvif_rx_next_skb null pointer dereference