UBUNTU-CVE-2025-7207

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-7207

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7207.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-7207

Upstream

CVE-2025-7207

Published

2025-07-09T01:15:00Z

Modified

2026-01-20T18:45:36.646208Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

References

Affected packages

Ubuntu:16.04:LTS

mruby

Package

Name: mruby
Purl: pkg:deb/ubuntu/mruby@1.2.0+20160315+git4f20d58a-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.0+20150817+gita1731254-1

1.1.0+20150906+git1cbbb7e1-1

1.2.0+20160315+git4f20d58a-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libmruby-dev",
            "binary_version": "1.2.0+20160315+git4f20d58a-1"
        },
        {
            "binary_name": "mruby",
            "binary_version": "1.2.0+20160315+git4f20d58a-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7207.json"

Ubuntu:18.04:LTS

mruby

Package

Name: mruby
Purl: pkg:deb/ubuntu/mruby@1.4.0-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-1

1.3.0+20170925+git38185028-1

1.3.0+20171029+git77edafb0-1

1.4.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libmruby-dev",
            "binary_version": "1.4.0-1"
        },
        {
            "binary_name": "mruby",
            "binary_version": "1.4.0-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7207.json"

Ubuntu:20.04:LTS

mruby

Package

Name: mruby
Purl: pkg:deb/ubuntu/mruby@2.0.0-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libmruby-dev",
            "binary_version": "2.0.0-1"
        },
        {
            "binary_name": "mruby",
            "binary_version": "2.0.0-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7207.json"

Ubuntu:22.04:LTS

mruby

Package

Name: mruby
Purl: pkg:deb/ubuntu/mruby@3.0.0-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.2-3

3.*

3.0.0-1

3.0.0-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libmruby-dev",
            "binary_version": "3.0.0-3"
        },
        {
            "binary_name": "mruby",
            "binary_version": "3.0.0-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7207.json"

Ubuntu:24.04:LTS

mruby

Package

Name: mruby
Purl: pkg:deb/ubuntu/mruby@3.2.0-2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.0-1

3.2.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libmruby-dev",
            "binary_version": "3.2.0-2"
        },
        {
            "binary_name": "mruby",
            "binary_version": "3.2.0-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7207.json"

Ubuntu:25.10

mruby

Package

Name: mruby
Purl: pkg:deb/ubuntu/mruby@3.3.0-1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libmruby-dev",
            "binary_version": "3.3.0-1"
        },
        {
            "binary_name": "mruby",
            "binary_version": "3.3.0-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7207.json"