CVE-2009-4124
HIGH severity · CVSS 10 · Memory corruption
10CVSS HIGH
Summary
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)4%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/ ↗
Additional information
- NVD record
- http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/Patch
- http://secunia.com/advisories/37660Advisory
- http://www.vupen.com/english/advisories/2009/3471Advisory
- http://www.osvdb.org/60880
- http://www.securityfocus.com/bid/37278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54674