
CVE-2012-4522

Published: 24/11/2012 Updated: 04/05/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent malicious users to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Vulnerable Product

ruby-lang ruby 2.0.0

ruby-lang ruby 1.9.3

Vendor Advisories

Several security issues were fixed in Ruby ...
Synopsis: Moderate: ruby security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated ruby packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Commo ...
Synopsis: Moderate: Red Hat OpenShift Enterprise 111 update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Enterprise 111 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, ...