
CVE-2016-2337 – Ubuntu Security Notice USN-3365-1
https://notcve.org/view.php?id=CVE-2016-2337
06 Jan 2017 — Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker who passes an object of a type other than String as the "retval" argument can cause arbitrary code execution. It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. Reference: http://www.securityfocus.com/bid/91233

CVE-2016-2339 – Ubuntu Security Notice USN-3365-1
https://notcve.org/view.php?id=CVE-2016-2339
06 Jan 2017 — An exploitable heap overflow vulnerability exists in the "initialize" function of Fiddle::Function.new in Ruby. In Fiddle::Function.new "initialize", the heap buffer "arg_types" is allocated based on the length of the args array. A specially constructed object passed as an element of the args array can increase the array's size after that allocation and cause a heap overflow. Reference: http://www.securityfocus.com/bid/91234. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer