Heap-based buffer overflow in Ruby 1.8, 1.9 prior to 1.9.3-p484, 2.0 prior to 2.0.0-p353, 2.1 prior to 2.1.0 preview2, and trunk before revision 43780 allows context-dependent malicious users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
| Vulnerable Product |
|---|
| ruby-lang ruby 2.1 |
| ruby-lang ruby 2.0.0 |
| ruby-lang ruby 1.9 |
| ruby-lang ruby 1.9.3 |
| ruby-lang ruby 1.9.1 |
| ruby-lang ruby 1.9.2 |
| ruby-lang ruby 1.8 |