csaf_microsoft - msrc

msrc_cve-2025-7207

Vulnerability from csaf_microsoft

Published

2025-07-02 00:00

Modified

2025-09-04 02:39

Summary

mruby nregs codegen.c scope_new heap-based overflow

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-7207.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "mruby nregs codegen.c scope_new heap-based overflow",
    "tracking": {
      "current_release_date": "2025-09-04T02:39:43.000Z",
      "generator": {
        "date": "2025-10-20T03:36:12.160Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-7207",
      "initial_release_date": "2025-07-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-04T02:39:43.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "category": "product_name",
            "name": "cbl2 rust 1.72.0-10",
            "product": {
              "name": "cbl2 rust 1.72.0-10",
              "product_id": "4"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 rust 1.75.0-16",
            "product": {
              "name": "azl3 rust 1.75.0-16",
              "product_id": "5"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 nghttp2 1.57.0-2",
            "product": {
              "name": "cbl2 nghttp2 1.57.0-2",
              "product_id": "3"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 nghttp2 1.61.0-2",
            "product": {
              "name": "azl3 nghttp2 1.61.0-2",
              "product_id": "1"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 rust 1.86.0-3",
            "product": {
              "name": "azl3 rust 1.86.0-3",
              "product_id": "2"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rust 1.72.0-10 as a component of CBL Mariner 2.0",
          "product_id": "17086-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.75.0-16 as a component of Azure Linux 3.0",
          "product_id": "17084-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 nghttp2 1.57.0-2 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 nghttp2 1.61.0-2 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.86.0-3 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-7207",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17086-4",
            "17084-5",
            "17086-3",
            "17084-1",
            "17084-2"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "VulDB",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "17086-4",
          "17084-5",
          "17086-3",
          "17084-1",
          "17084-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-7207.json"
        }
      ],
      "title": "mruby nregs codegen.c scope_new heap-based overflow"
    }
  ]
}

CVE-2025-7207 (GCVE-0-2025-7207)

Vulnerability from cvelistv5

Published

2025-07-09 00:02

Modified

2025-07-09 13:08

Severity ?

1.9 (Low) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.3 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-119 - Memory Corruption

Summary

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.

References

URL

Tags

	https://vuldb.com/?id.315156	vdb-entry, technical-description
	https://vuldb.com/?ctiid.315156	signature, permissions-required
	https://vuldb.com/?submit.607683	third-party-advisory
	https://github.com/mruby/mruby/issues/6509	issue-tracking
	https://github.com/mruby/mruby/issues/6509#event-17145516649	issue-tracking
	https://github.com/user-attachments/files/19619499/mruby_crash.txt	exploit
	https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9	patch

Impacted products

	Vendor	Product	Version
	n/a	mruby	Version: 3.4.0-rc1 Version: 3.4.0-rc2

Show details on NVD website