Description
mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbc_find_method().
Published: 2026-07-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

mrubyc through release3.4.1 contains an out‑of‑bounds read in the builtin missing‑method lookup performed by mrbc_find_method(). An attacker executing code that triggers this lookup could read arbitrary memory contents, potentially exposing sensitive data or compromising system confidentiality. The vulnerability is a classic out‑of‑bounds read, which can be exploited by feeding crafted data that causes mrbc_find_method() to access memory beyond the intended bounds.

Affected Systems

The affected product is mrubyc, specifically releases up to and including 3.4.1.

Risk and Exploitability

The CVSS score is not provided, but the lack of an EPSS score and the absence from the CISA KEV catalog suggest low current exploitation likelihood. The attack vector is inferred to be local or potentially remote if mrubyc services data externally; however, the description does not specify network exposure. The exploit conditions require triggering the missing‑method lookup in mrbc_find_method(), which may be possible through malformed input or constructed method calls. Overall risk is moderate, primarily due to potential data disclosure rather than remote code execution.

Generated by OpenCVE AI on July 7, 2026 at 06:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade mrubyc to the latest version that contains the fix referenced in commit f83a8b67ca1c7c62ac0dd548a363d79f767c4e30
  • If an upgrade is not immediately feasible, audit usage of missing‑method lookup and restrict inputs that could trigger the vulnerable path
  • Regularly review mrubyc security advisories and GitHub issues for new patches or workarounds

Generated by OpenCVE AI on July 7, 2026 at 06:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 06:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read in Built‑in Method Lookup of mrubyc
Weaknesses CWE-125

Mon, 06 Jul 2026 21:45:00 +0000

Type Values Removed Values Added
Description mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbc_find_method().
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-06T21:16:21.400Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38973

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T06:30:16Z

Weaknesses