Description

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

References

CVE-2016-2339

Related Vulnerabilities

Elgg Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3964)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Security Bypass (2.15)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.13.4)

Chamilo Improper Privilege Management Vulnerability (CVE-2020-23128)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16510)

Severity

Critical

Classification

CVE-2016-2339 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities