Description
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string that contains a precision specifier (*) with a huge negative value. Such a situation can lead to a buffer overrun, resulting in heap memory corruption or information disclosure from the heap.
Remediation
References