PT-2009-6301 · Ruby · Ruby

Emmanouel Kellinis · Published 2009-12-11 · Updated 2017-08-17 · CVE-2009-4124

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Ruby versions 1.9.1 before 1.9.1-p376

Description: The issue is a heap-based buffer overflow in the rb_str_justify function, allowing context-dependent attackers to execute arbitrary code. This can be achieved via unspecified vectors involving the String#ljust, String#center, or String#rjust methods, all of which are implemented by rb_str_justify.

Recommendations: For Ruby versions 1.9.1 before 1.9.1-p376, update to version 1.9.1-p376 or later to resolve the issue. As a temporary workaround, consider restricting the use of the String#ljust, String#center, and String#rjust methods until a patch is applied.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-4124

Affected Products

Ruby