DEBIAN-CVE-2026-1979

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-1979

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-1979.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-1979

Upstream

CVE-2026-1979

Published

2026-02-06T05:16:12.667Z

Modified

2026-02-28T10:01:26.371192Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw has been found in mruby up to 3.4.0. This affects the function mrbvmexec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to implement a patch to correct this issue.

References

https://security-tracker.debian.org/tracker/CVE-2026-1979

Affected packages

Debian:11 / mruby

Package

Name: mruby
Purl: pkg:deb/debian/mruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.2-3

3.*

3.0.0-1

3.0.0-2

3.0.0-3

3.0.0-4

3.1.0-1

3.1.0-2

3.1.0-3

3.2.0-1

3.2.0-2

3.3.0~rc2-1

3.3.0-1

3.4.0-1~exp1

3.4.0-1~exp2

3.4.0-1

3.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-1979.json"

Debian:12 / mruby

Package

Name: mruby
Purl: pkg:deb/debian/mruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.0-3

3.2.0-1

3.2.0-2

3.3.0~rc2-1

3.3.0-1

3.4.0-1~exp1

3.4.0-1~exp2

3.4.0-1

3.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-1979.json"

Debian:13 / mruby

Package

Name: mruby
Purl: pkg:deb/debian/mruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.0-1

3.4.0-1~exp1

3.4.0-1~exp2

3.4.0-1

3.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-1979.json"

Debian:14 / mruby

Package

Name: mruby
Purl: pkg:deb/debian/mruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.0-1

3.4.0-1~exp1

3.4.0-1~exp2

3.4.0-1

3.4.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-1979.json"