Impact
mrubyc through release3.4.1 contains an out‑of‑bounds read in the builtin missing‑method lookup performed by mrbc_find_method(). An attacker executing code that triggers this lookup could read arbitrary memory contents, potentially exposing sensitive data or compromising system confidentiality. The vulnerability is a classic out‑of‑bounds read, which can be exploited by feeding crafted data that causes mrbc_find_method() to access memory beyond the intended bounds.
Affected Systems
The affected product is mrubyc, specifically releases up to and including 3.4.1.
Risk and Exploitability
The CVSS score is not provided, but the lack of an EPSS score and the absence from the CISA KEV catalog suggest low current exploitation likelihood. The attack vector is inferred to be local or potentially remote if mrubyc services data externally; however, the description does not specify network exposure. The exploit conditions require triggering the missing‑method lookup in mrbc_find_method(), which may be possible through malformed input or constructed method calls. Overall risk is moderate, primarily due to potential data disclosure rather than remote code execution.
OpenCVE Enrichment