CVE-2016-2339

Summary

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Affected Software

VendorProductVersion RangeStatus
RubyRuby2.3.0 devaffected
RubyRuby2.2.2affected

Weaknesses

  • heap overflow vulnerability

ADP Enrichment

CVE Program Container

Additional References

References