Description

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

Remediation

References

CVE-2020-10933

Related Vulnerabilities

WordPress Plugin Content Copy Protection & Prevent Image Save Cross-Site Request Forgery (1.3)

PHP Resource Management Errors Vulnerability (CVE-2006-1991)

WordPress Plugin Multiple Page Generator-MPG Cross-Site Request Forgery (3.3.9)

WordPress Plugin WordPress Backup and Migrate-Backup Guard Unspecified Vulnerability (1.0.6)

WordPress Plugin tcS3 Cross-Site Scripting (2.1.1)

Severity

Medium

Classification

CVE-2020-10933 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities