Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Nov 19, 2025

mrubyc alloc.c mrbc_raw_realloc null pointer dereference

CVE-2025-13397

Description

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue.

Affected products

mrubyc/mrubycdescription
Mruby/Mrubyllm-fuzzy
Range: <=3.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87mitrepatch
vuldb.commitrethird-party-advisory
github.com/mrubyc/mrubyc/issues/244mitreissue-tracking
github.com/mrubyc/mrubyc/issues/244mitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000