{"id":"CVE-2025-13120","details":"A vulnerability has been found in mruby up to 3.4.0. It affects the function sort_cmp in the file src/array.c. The manipulation leads to a use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The patch is named eb398971bfb43c38db3e04528b68ac9a7ce509bc. Applying the patch is advised to correct this issue.","modified":"2026-04-02T12:32:34.908512Z","published":"2025-11-13T16:15:51.100Z","references":[{"type":"WEB","url":"https://github.com/mruby/mruby/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.332325"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.683435"},{"type":"REPORT","url":"https://github.com/mruby/mruby/issues/6649#issue-3534393003"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.332325"},{"type":"REPORT","url":"https://github.com/makesoftwaresafe/mruby/pull/263"},{"type":"REPORT","url":"https://github.com/mruby/mruby/issues/6649"},{"type":"FIX","url":"https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mruby/mruby","events":[{"introduced":"0"},{"last_affected":"a309524d0bc90eef077a24634db2495a6f68e318"},{"fixed":"eb398971bfb43c38db3e04528b68ac9a7ce509bc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.0"}]}}],"versions":["1.0.0","1.1.0","1.2.0","1.3.0","1.4.0","1.4.1","2.0.0","2.0.1","2.1.0","2.1.0-rc","2.1.1","2.1.1-rc","2.1.1-rc2","2.1.2","2.1.2-rc","2.1.2-rc2","3.0.0","3.0.0-preview","3.0.0-rc","3.1.0","3.1.0-rc","3.1.0-rc2","3.2.0","3.2.0-rc","3.2.0-rc2","3.2.0-rc3","3.2.0-rc4","3.3.0","3.3.0-rc","3.3.0-rc2","3.4.0","3.4.0-rc","3.4.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13120.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["106735729729869236870795047255687425000","90299707028041641641292446968669987804","235598120627690113665834650147724635390","22976043955567767894389378994884520048","104341527859315864258126365558036500442","310438564539223903548213756483945658774","311892257740732880470878974558553218736","140229556377567758962507651173205991984","153955181957920876223572646275851522747","308466678630303098267546856925214420345","290749784403268547241825161301659604796","146310303753228597407784695875469933192","177301362055980948576603928402778731525","225717538188253171270909927789091858290","203436831666483383987340079647020245680","254224303390350337509807082607172893797","189885082185071567535083091730694334740","100588416079034929326720669240548647282","128548331433059251045607594590741994208","308870714209034894697290411824549845554"]},"id":"CVE-2025-13120-1e6e0fc9","source":"https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc","signature_type":"Line","deprecated":false,"target":{"file":"src/array.c"},"signature_version":"v1"},{"digest":{"length":559,"function_hash":"34621261036828285842666461858266801461"},"id":"CVE-2025-13120-205c1929","source":"https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc","signature_type":"Function","deprecated":false,"target":{"file":"src/array.c","function":"heapify"},"signature_version":"v1"},{"digest":{"length":1224,"function_hash":"44244679024109628000605213618771014553"},"id":"CVE-2025-13120-919f0d23","source":"https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc","signature_type":"Function","deprecated":false,"target":{"file":"src/array.c","function":"sort_cmp"},"signature_version":"v1"},{"digest":{"length":362,"function_hash":"315588603539289175991964389033193065737"},"id":"CVE-2025-13120-da4ae5ca","source":"https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc","signature_type":"Function","deprecated":false,"target":{"file":"src/array.c","function":"insertion_sort"},"signature_version":"v1"}]}}],"schema_version":"1.7.5"
,"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}