Description

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.

Remediation

References

CVE-2010-2489

Related Vulnerabilities

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)

Sqlite Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2021-45346)

WordPress Plugin AVK-Shop Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Plugin Ultimate Profile Builder By CMSHelpLive Multiple Vulnerabilities (2.3.3)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)

Severity

High

Classification

CVE-2010-2489 CWE-119

Tags

Missing Update Known Vulnerabilities