CVE-2025-13397
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-12-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| s-itoc | mruby\/c | to 3.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in mrubyc up to version 3.4, specifically in the function mrbc_raw_realloc within the src/alloc.c file. It involves manipulation of the argument ptr that leads to a null pointer dereference. Exploiting this vulnerability requires local access to the system.
How can this vulnerability impact me? :
The vulnerability can cause a null pointer dereference, which may lead to a denial of service or application crash. Since the attack must be local, the impact is limited to users or processes with local access. The CVSS scores indicate a low to moderate impact primarily affecting availability.
What immediate steps should I take to mitigate this vulnerability?
It is advisable to implement the patch named 009111904807b8567262036bf45297c3da8f1c87 to correct this issue.