Description

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

References

CVE-2016-2339

Related Vulnerabilities

WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3383)

phpMyAdmin CVE-2017-18264 Vulnerability (CVE-2017-18264)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1755)

WordPress Plugin Usernoise modal feedback/contact form Cross-Site Scripting (3.7.8)

Severity

Critical

Classification

CVE-2016-2339 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities