PT-2016-1602 · Libffi+4 · Libffi+4

Christian Hofstaedtler

Publicado

2016-01-12

Atualizado

2024-06-15

CVE-2015-7551

CVSS v3.1

8.4

Alta

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruby versions prior to 2.0.0-p648 Ruby versions prior to 2.1.8 Ruby versions prior to 2.2.4

Description The issue arises from insufficient input validation in the Fiddle::Handle implementation, allowing a local attacker to execute arbitrary code or cause a denial of service via a specially crafted string related to the DL module and the libffi library. This vulnerability is a result of a regression of a previously fixed issue.

Recommendations For Ruby versions prior to 2.0.0-p648, update to version 2.0.0-p648 or later. For Ruby versions prior to 2.1.8, update to version 2.1.8 or later. For Ruby versions prior to 2.2.4, update to version 2.2.4 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2016-2061

BDU:2016-00903

CVE-2015-7551

MGASA-2016-0007

OPENSUSE-SU-2017_0933-1

OPENSUSE-SU-2017_1128-1

OPENSUSE-SU-2024:10481-1

RHSA-2018:0583

RHSA-2026:7305

RHSA-2026:7307

RHSA-2026:8838

SUSE-SU-2017:0948-1

SUSE-SU-2017:1067-1

USN-3365-1

Produtos afetados

Alt Linux

Ruby

Suse

Ubuntu

Libffi

PT-2016-1602 · Libffi+4 · Libffi+4

CVE-2015-7551

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 46