7 matches found
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of libnghttp2-sys (CVE-2025-7207, CVE-2025-12875)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.90.0.0 uses the libnghttp2-sys-0.1.11+1.64.0 crate, which wraps a vulnerable version 1.64 of the nghttp2 library. Vulnerability Details CVEID:CVE-2025-12875 DESCRIPTION: A weakness has been identified in mruby 3.4.0...
CVE-2025-7207
A flaw was found in mruby. The scopenew function in mrbgems/mruby-compiler/core/codegen.c contains a heap-based buffer manipulation, potentially leading to memory corruption. A local attacker can trigger this vulnerability through crafted input, resulting in a potential denial of service...
CVE-2025-7207
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-7207
Summary (CVE-2025-7207): A heap-based buffer overflow affects mruby up to 3.4.0-rc2, specifically the function scope_new in file mrbgems/mruby-compiler/core/codegen.c (component nregs Handler). The vulnerability can be triggered locally; an attack requires local access, and the exploit has been d...
CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...
CVE-2025-7207
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locall...