CVE-2026-1979 mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free

A flaw has been found in mruby up to 3.4.0. This affects the function mrbvmexec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This...

EUVD-2020-7847

Malware in sbrugna...

EUVD-2022-28027

Malicious code in bioql PyPI...

CVE-2024-33258

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vmloop at jerry-core/vm/vm.c...

CVE-2024-33258

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vmloop at jerry-core/vm/vm.c...

CVE-2024-33258

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vmloop at jerry-core/vm/vm.c...

CVE-2024-33258

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vmloop at jerry-core/vm/vm.c...

CVE-2023-31920

Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the vmloop at jerry-core/vm/vm.c...

CVE-2023-31920

Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the vmloop at jerry-core/vm/vm.c...

CVE-2023-30414

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vmloop at /jerry-core/vm/vm.c...

NULL Pointer Dereference

Description There is a NULL Pointer Dereference in mrbvmexec vm.c:1929. This bug has been found on mruby lastest commit hash c2f7ed514dfa0fcae2e7e72d51f25be3d3d6d72c on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1- Clone repo and build with ASAN using MRUBYCONFIG=buildconfig/clang-asan.rb rak...

Out-of-Bounds Read

mruby is vulnerable to out-of-bound read. The vulnerability exists due to a lack of sanitization in the vm.c file, allowing attackers to read sensitive information using memory locations or crash the system...

Out-of-Bounds Read

mruby is vulnerable to out-of-bound read. The vulnerability exists due to a lack of sanitization in the vm.c file, allowing attackers to read sensitive information using memory locations or crash the system...

CVE-2022-22893

Jerryscript 3.0.0 was discovered to contain a stack overflow via vmloop.ltopriv.304 in /jerry-core/vm/vm.c...

mruby buffer overflow vulnerability (CNVD-2020-42943)

mruby is a lightweight implementation of the Ruby language. A buffer overflow vulnerability exists in the 'mrbyieldwithclass' function in the vm.c file in mruby 2.1.2-rc and earlier. The vulnerability stems from a networked system or product performing operations in memory without properly...

CVE-2020-15866

mruby through 2.1.2-rc has a heap-based buffer overflow in the mrbyieldwithclass function in vm.c because of incorrect VM stack handling. It can be triggered via the stackcopy function...

shopify-scripts: Null pointer dereference in ary_concat

PoC === The following demonstrates a crash: def f end @a = f &:s Debug info ========== mruby crashes in array.c:260 due to a null pointer dereference. 256│ aryconcatmrbstate mrb, struct RArray a, struct RArray a2 257│ 258│ mrbint len; 259│ 260├ if a2-len ARYMAXSIZE - a-len 261│ mrbraisemrb,...