A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue.
[
{
"digest": {
"length": 1160.0,
"function_hash": "79142215126855726851561168407461939967"
},
"target": {
"file": "src/alloc.c",
"function": "mrbc_raw_realloc"
},
"id": "CVE-2025-13397-c074f359",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"252907259741965015429048688671865759136",
"31793476453168332436203216682406175085",
"96407396698854802965844241235553744214",
"156002919658214048247621089207244992631",
"12677554200944974588762101313805173149"
]
},
"target": {
"file": "src/alloc.c"
},
"id": "CVE-2025-13397-c8069b31",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/mrubyc/mrubyc/commit/009111904807b8567262036bf45297c3da8f1c87"
}
]
"2026-04-12T13:38:15Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13397.json"