CVE-2016-2339

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ruby (affected versions not specified)

Description A heap overflow issue exists in the Fiddle::Function.new "initialize" function functionality of Ruby. The heap buffer "arg types" allocation is made based on the args array length. A specially constructed object passed as an element of the args array can increase this array size after the mentioned allocation and cause a heap overflow. This can potentially allow a remote attacker to cause a denial of service or buffer overflow by modifying the array length.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2017-01650

CVE-2016-2339

DLA-1421-1

MGASA-2017-0290

OPENSUSE-SU-2017_0933-1

OPENSUSE-SU-2017_1128-1

SUSE-SU-2017:0914-1

SUSE-SU-2017:1067-1

SUSE-SU-2020:1570-1

SUSE-SU-2020_1570-1

USN-3365-1

Affected Products

Ruby

Suse

Ubuntu

CVE-2016-2339

Weakness Enumeration

Related Identifiers

Affected Products

References · 267