An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_…
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
https://cwe.mitre.org/data/definitions/805.html →Open in CWE collection →The product uses or accesses a resource that has not been initialized.
https://cwe.mitre.org/data/definitions/908.html →Open in CWE collection →Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
https://capec.mitre.org/data/definitions/100.html →Open in CAPEC collection →An attacker sends a SOAP request with an array whose actual length exceeds the length indicated in the request. If the server processing the transmission naively trusts the specified size, then an attacker can intentionally understate the size of the array, possibly resulting in a buffer overflow if the server attempts to read the entire data set into the memory it allocated for a smaller array.
https://capec.mitre.org/data/definitions/256.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| rh-ruby25-ruby | Tracked | |
| rh-ruby25-ruby | Tracked | |
| rh-ruby25-ruby | Tracked | |
| rh-ruby26-ruby | Tracked | |
| rh-ruby26-ruby | Tracked | |
| ruby | Tracked | |
| ruby | Tracked | |
| ruby | Tracked | |
| ruby | Tracked | |
| ruby1.9.1 | Tracked | |
| ruby2.0 | Tracked | |
| ruby2.1 | Tracked | |
| ruby2.3 | Tracked | |
| ruby2.3 | Tracked | |
| ruby2.5 | Tracked | |
| ruby2.5 | Tracked | |
| ruby2.5 | Tracked | |
| ruby2.7 | Tracked | |
| ruby2.7 | Tracked | |
| ruby2.7 | Tracked |