Description
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
Remediation
References
Related Vulnerabilities
XWiki Missing Authorization Vulnerability (CVE-2023-41046)
Zenphoto Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-36079)
Oracle Database Server CVE-2011-0806 Vulnerability (CVE-2011-0806)
TYPO3 Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-9508)