PT-2016-1602 · Libffi+4 · Libffi+4

Christian Hofstaedtler

Published

2016-01-12

Updated

2024-06-15

CVE-2015-7551

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruby versions prior to 2.0.0-p648 Ruby versions prior to 2.1.8 Ruby versions prior to 2.2.4

Description The issue arises from insufficient input validation in the Fiddle::Handle implementation, allowing a local attacker to execute arbitrary code or cause a denial of service via a specially crafted string related to the DL module and the libffi library. This vulnerability is a result of a regression of a previously fixed issue.

Recommendations For Ruby versions prior to 2.0.0-p648, update to version 2.0.0-p648 or later. For Ruby versions prior to 2.1.8, update to version 2.1.8 or later. For Ruby versions prior to 2.2.4, update to version 2.2.4 or later.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2016-2061

BDU:2016-00903

CVE-2015-7551

MGASA-2016-0007

OPENSUSE-SU-2017_0933-1

OPENSUSE-SU-2017_1128-1

OPENSUSE-SU-2024:10481-1

RHSA-2018:0583

RHSA-2026:7305

RHSA-2026:7307

RHSA-2026:8838

SUSE-SU-2017:0948-1

SUSE-SU-2017:1067-1

USN-3365-1

Affected Products

Alt Linux

Ruby

Suse

Ubuntu

Libffi

PT-2016-1602 · Libffi+4 · Libffi+4

CVE-2015-7551

Weakness Enumeration

Related Identifiers

Affected Products

References · 46