Description

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

References

CVE-2016-2338

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7985)

WordPress Plugin UK Cookie Consent Cross-Site Scripting (2.3.9)

WebLogic CVE-2020-14645 Vulnerability (CVE-2020-14645)

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.5)

WordPress Plugin fMoblog 'id' Parameter SQL Injection (2.1)

Severity

Critical

Classification

CVE-2016-2338 CWE-787 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities