The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, and 2.2 prior to 2.2.4, as distributed in Apple OS X prior to 10.11.4 and other products, mishandles tainting, which allows context-dependent malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |
||
ruby-lang ruby 2.1.6 |
||
ruby-lang ruby 2.1.5 |
||
ruby-lang ruby 2.2.0 |
||
ruby-lang ruby 2.1.7 |
||
ruby-lang ruby |
||
ruby-lang ruby 2.2.2 |
||
ruby-lang ruby 2.2.1 |
||
ruby-lang ruby 2.1.2 |
||
ruby-lang ruby 2.1.1 |
||
ruby-lang ruby 2.1.0 |
||
ruby-lang ruby 2.2.3 |
||
ruby-lang ruby 2.1.4 |
||
ruby-lang ruby 2.1.3 |