CVE-2016-2339
N/A
N/A
Summary
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ruby | Ruby | 2.3.0 dev | affected |
| Ruby | Ruby | 2.2.2 | affected |
Weaknesses
- heap overflow vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
- http://www.securityfocus.com/bid/91234
- http://www.talosintelligence.com/reports/TALOS-2016-0034/
References
- https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
- http://www.securityfocus.com/bid/91234
- http://www.talosintelligence.com/reports/TALOS-2016-0034/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.