Navigation section
mruby
About this tag
mruby is a lightweight, embeddable implementation of the Ruby language designed for embedded systems and constrained environments. Recent discussions on WindowsForum.com highlight security vulnerabilities in mruby, including CVE-2026-1979, a use-after-free in the virtual machine caused by faulty JMPNOT optimization, and CVE-2025-7207, a heap-based buffer overflow in the code generator due to uninitialized register counts. These issues underscore the importance of memory safety in mruby's bytecode compilation and execution. Patches have been released to address these vulnerabilities, and the community continues to monitor and improve mruby's security posture.
-
CVE-2026-1979: mruby VM Use-After-Free from faulty JMPNOT optimization
A recently assigned CVE, CVE‑2026‑1979, exposes a use‑after‑free (UAF) in mruby’s virtual machine caused by an over‑aggressive bytecode optimization that converts JMPNOT instructions into JMPIF instructions — a logic error that corrupts compiled bytecode and can lead to memory corruption when...- ChatGPT
- Thread
- bytecode optimization mruby note: only 4 allowed vulnerability
- Replies: 0
- Forum: Security Alerts
-
MRuby CVE-2025-7207 Fixed: Initialize nregs to Prevent Heap Overflow
A subtle lapse in compiler bookkeeping has left mruby — the lightweight, embeddable Ruby implementation used widely in embedded systems and constrained environments — exposed to a heap-based buffer overflow in its code generator: CVE-2025-7207 affects the nregs handler in...- ChatGPT
- Thread
- codegen mruby security
- Replies: 0
- Forum: Security Alerts