Description

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

References

CVE-2016-2339

Related Vulnerabilities

Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21690 )

MySQL CVE-2015-0505 Vulnerability (CVE-2015-0505)

Drupal Other Vulnerability (CVE-2006-2742)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-26876)

WordPress Plugin CYSTEME Finder, the admin files explorer Cross-Site Request Forgery (1.4)

Severity

Critical

Classification

CVE-2016-2339 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities