Impact
A NULL pointer dereference occurs in the mrubyc virtual machine implementation when executing the OP_SUPER instruction, due to an absent runtime guard for top‑level super. The flaw allows an improperly formed super expression to trigger a dereference of a null pointer, leading to an application crash or memory corruption. This weakness aligns with CWE‑476: NULL Pointer Dereference and can compromise the reliability of any service leveraging mrubyc.
Affected Systems
Versions of mrubyc up to and including 3.4.1 are affected. No explicit vendor or product list is provided beyond the mrubyc project; the vulnerability exists in the public source repository and applies to all installations running these versions.
Risk and Exploitability
The exploit probability (EPSS) score is unavailable and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly documented exploits at this time. The CVSS score is not supplied, so the inherent severity remains unclear, but a NULL pointer dereference can cause a process to terminate or, in some environments, may be leveraged for arbitrary code execution if an attacker can control the offending pointer. The likely attack vector is inferred to be local or remotely via a malicious mrubyc script, but exact conditions are not detailed in the description.
OpenCVE Enrichment