#VU39952 Buffer overflow in Ruby
Vulnerability identifier: #VU39952
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Ruby
Universal components / Libraries /
Scripting languages
Vendor: Ruby
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Ruby: 2.2.2 - 2.3.0
External links
http://www.securityfocus.com/bid/91234
http://www.talosintelligence.com/reports/TALOS-2016-0034/
http://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
