Security Bulletin: Local Out-of-Bounds Write Vulnerability in mruby ary_fill_exec Function (v3.4.0), affects watsonx.data

Summary A local vulnerability in mruby v3.4.0 allows out-of-bounds writes via the aryfillexec function when manipulating the start or length arguments. Exploits are publicly available, and applying the patch 93619f06dd378db6766666b30c08978311c7ec94 is recommended. This can affect watsonx.data...

CVE-2025-12875 mruby array.c ary_fill_exec out-of-bounds write

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVE-2025-12875

CVE-2025-12875 affects mruby 3.4.0, specifically the ary_fill_exec path in mrbgems/mruby-array-ext/src/array.c. The root cause is a manipulation of argument start/length that can trigger an out-of-bounds write, with a local attack vector and public exploits available. A patch is recorded as commi...