mruby Out-of-Bounds Write Vulnerability in Array Extension

Vulnerability

A critical out-of-bounds write vulnerability has been identified in mruby version 3.4.0. The issue arises in the function 'ary_fill_exec' within the file 'mrbgems/mruby-array-ext/src/array.c'. The vulnerability is triggered by manipulating the 'start' and 'length' arguments, leading to a buffer underflow and unauthorized memory write. This flaw must be exploited locally, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability causes a buffer underflow, allowing memory to be written out of bounds, which can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by calling the 'Array#__fill_exec' method with a negative start index and a positive length. This can be done in Ruby code that is loaded into mruby. The negative start index causes a pointer underflow, which results in writing data before the beginning of the array, thus creating an out-of-bounds write condition.

Remediation

The vulnerability has been patched in mruby version 3.4.0. Users should update to the latest version to address this issue.
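The range validation whose absence is described under Reproduction, shown as an added example; it is not mruby's source code or its actual patch. The `toy_array` struct and the `fill_range_check` / `fill_checked` names are hypothetical, and the model assumes `len <= capa` and rejects a start past the current length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for an array object; NOT mruby's struct RArray. */
struct toy_array {
    int      *ptr;   /* backing storage */
    ptrdiff_t len;   /* elements in use */
    ptrdiff_t capa;  /* elements allocated, invariant: len <= capa */
};

enum fill_status { FILL_OK, FILL_BAD_START, FILL_BAD_LENGTH, FILL_TOO_BIG };

/* Validate (start, length) before any pointer arithmetic is done with them. */
enum fill_status fill_range_check(const struct toy_array *a,
                                  ptrdiff_t start, ptrdiff_t length)
{
    /* A negative start would make ptr + start point before the buffer. */
    if (start < 0 || start > a->len) return FILL_BAD_START;
    if (length < 0) return FILL_BAD_LENGTH;
    /* Overflow-safe form of "start + length <= capa". */
    if (length > a->capa - start) return FILL_TOO_BIG;
    return FILL_OK;
}

/* Fill that writes only after the range has been proven in bounds. */
enum fill_status fill_checked(struct toy_array *a, ptrdiff_t start,
                              ptrdiff_t length, int value)
{
    enum fill_status st = fill_range_check(a, start, length);
    if (st != FILL_OK) return st;
    for (ptrdiff_t i = 0; i < length; i++) a->ptr[start + i] = value;
    if (start + length > a->len) a->len = start + length;
    return FILL_OK;
}

int main(void)
{
    /* Constructed sample: 8 usable slots with a guard word on each side. */
    int store[10] = { -1, 0, 0, 0, 0, 0, 0, 0, 0, -1 };
    struct toy_array a = { store + 1, 4, 8 };

    printf("start=-1 len=2 -> %d\n", (int)fill_checked(&a, -1, 2, 7));
    printf("start=3  len=5 -> %d\n", (int)fill_checked(&a, 3, 5, 7));
    printf("guards: %d %d, new len: %td\n", store[0], store[9], a.len);
    return 0;
}
```

The comparison `length > capa - start` is used instead of `start + length > capa` so that a very large length cannot wrap the sum and slip past the check.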

Added: Nov 7, 2025, 9:24 PM
Updated: Nov 7, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 10.0
exploitability: 6.0
remediation: 7.7
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.