Main Vulnerability Database Vulnerabilities #VU39951

#VU39951 Input validation error in Ruby - CVE-2016-2337

Published: January 6, 2017 / Updated: August 9, 2020

Vulnerability identifier: #VU39951

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-2337

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Ruby

Software vendor:
Ruby

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. <a href="http://cwe.mitre.org/data/definitions/843.html">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/91233
http://www.talosintelligence.com/reports/TALOS-2016-0031/
https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html
https://security.gentoo.org/glsa/201710-18