{"id":"CVE-2025-13397","details":"A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue.","modified":"2026-04-02T12:32:36.916243Z","published":"2025-11-19T16:15:47.347Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.332925"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.692130"},{"type":"REPORT","url":"https://github.com/mrubyc/mrubyc/issues/244"},{"type":"REPORT","url":"https://github.com/mrubyc/mrubyc/issues/244#issuecomment-3400382026"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.332925"},{"type":"FIX","url":"https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mrubyc/mrubyc","events":[{"introduced":"0"},{"last_affected":"5d8147f5e8b621c59ca4aa56d846d1d114f0fc8a"},{"fixed":"009111904807b8567262036bf45297c3da8f1c87"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4"}]}}],"versions":["beta2","beta3","beta4","release1.0","release1.1","release1.1RC1","release1.1RC2","release1.2","release2.0","release2.1","release3.1","release3.2","release3.2-beta1","release3.2-rc1","release3.3","release3.3.1","release3.4"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"79142215126855726851561168407461939967","length":1160},"id":"CVE-2025-13397-c074f359","target":{"function":"mrbc_raw_realloc","file":"src/alloc.c"},"deprecated":false,"signature_version":"v1","source":"https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87","signature_type":"Function"},{"digest":{"line_hashes":["252907259741965015429048688671865759136","31793476453168332436203216682406175085","96407396698854802965844241235553744214","156002919658214048247621089207244992631","12677554200944974588762101313805173149"],"threshold":0.9},"id":"CVE-2025-13397-c8069b31","target":{"file":"src/alloc.c"},"deprecated":false,"signature_version":"v1","source":"https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13397.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}