mruby — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting mruby. AI-powered Chinese analysis, POCs, and references for each vulnerability.

mruby is a lightweight, embeddable implementation of the Ruby programming language designed primarily for resource-constrained environments, including embedded systems, IoT devices, and game engines. Its core utility lies in providing a full-featured scripting language with a minimal footprint, enabling developers to integrate dynamic logic into static applications. Historically, the codebase has been associated with twenty-three recorded CVEs, predominantly involving memory corruption issues such as buffer overflows and use-after-free errors. These flaws often stem from unsafe handling of string operations and improper bounds checking within the interpreter’s core modules. While not typically exposed directly to the public internet, vulnerabilities can lead to remote code execution if the host application fails to isolate the script execution environment. The project maintains a focus on stability and security through rigorous testing, though its embedded nature requires careful integration practices to mitigate potential exploitation risks in production deployments.

Found 23 results / 23
Top products by mruby: mruby/mruby
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-1934 | Use After Free in mruby/mruby — mruby/mruby | CWE-416 | 7.8 | - | 2022-05-31 |
| CVE-2022-1427 | Out-of-bounds Read in mrb_obj_is_kind_of in in mruby/mruby — mruby/mruby | CWE-125 | 7.8 | - | 2022-04-22 |
| CVE-2022-1286 | heap-buffer-overflow in mrb_vm_exec in mruby/mruby in mruby/mruby — mruby/mruby | CWE-122 | 8.4 | - | 2022-04-10 |
| CVE-2022-1276 | Out-of-bounds Read in mrb_get_args in mruby/mruby — mruby/mruby | CWE-125 | 9.8 | - | 2022-04-10 |
| CVE-2022-1212 | Use-After-Free in str_escape in mruby/mruby in mruby/mruby — mruby/mruby | CWE-416 | 8.4 | - | 2022-04-05 |
| CVE-2022-1201 | NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby — mruby/mruby | CWE-476 | 7.1 | - | 2022-04-02 |
| CVE-2022-1106 | use after free in mrb_vm_exec in mruby/mruby — mruby/mruby | CWE-416 | 7.9 | - | 2022-03-27 |
| CVE-2022-1071 | User after free in mrb_vm_exec in mruby/mruby — mruby/mruby | CWE-416 | 8.2 | - | 2022-03-26 |
| CVE-2022-0890 | NULL Pointer Dereference in mruby/mruby — mruby/mruby | CWE-476 | 5.5 | - | 2022-03-10 |
| CVE-2022-0717 | Out-of-bounds Read in mruby/mruby — mruby/mruby | CWE-125 | 8.1 | - | 2022-02-23 |
| CVE-2022-0632 | NULL Pointer Dereference in mruby/mruby — mruby/mruby | CWE-476 | 5.5 | - | 2022-02-19 |
| CVE-2022-0630 | Out-of-bounds Read in mruby/mruby — mruby/mruby | CWE-125 | 9.1 | - | 2022-02-19 |
| CVE-2022-0631 | Heap-based Buffer Overflow in mruby/mruby — mruby/mruby | CWE-122 | 7.8 | - | 2022-02-18 |
| CVE-2022-0623 | Out-of-bounds Read in mruby/mruby — mruby/mruby | CWE-125 | 9.1 | - | 2022-02-17 |
| CVE-2022-0614 | Use of Out-of-range Pointer Offset in mruby/mruby — mruby/mruby | CWE-823 | 7.1 | - | 2022-02-16 |
| CVE-2022-0570 | Heap-based Buffer Overflow in mruby/mruby — mruby/mruby | CWE-122 | 7.8 | - | 2022-02-13 |
| CVE-2022-0525 | Out-of-bounds Read in mruby/mruby — mruby/mruby | CWE-125 | 9.1 | - | 2022-02-09 |
| CVE-2022-0481 | NULL Pointer Dereference in mruby/mruby — mruby/mruby | CWE-476 | 5.5 | - | 2022-02-04 |
| CVE-2022-0326 | NULL Pointer Dereference in mruby/mruby — mruby/mruby | CWE-476 | 5.5 | - | 2022-01-21 |
| CVE-2022-0240 | NULL Pointer Dereference in mruby/mruby — mruby/mruby | CWE-476 | 7.5 | - | 2022-01-17 |
| CVE-2022-0080 | Heap-based Buffer Overflow in mruby/mruby — mruby/mruby | CWE-122 | 9.8 | - | 2022-01-02 |
| CVE-2021-4188 | NULL Pointer Dereference in mruby/mruby — mruby/mruby | CWE-476 | 7.5 | - | 2021-12-30 |
| CVE-2021-4110 | NULL Pointer Dereference in mruby/mruby — mruby/mruby | CWE-476 | 7.5 | - | 2021-12-15 |

This page lists every published CVE security advisory associated with mruby. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.