CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-9096
https://notcve.org/view.php?id=CVE-2015-9096
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. El modulo Net::SMTP de Ruby anterior a su versión 2.4.0 es vulnerable a la inyección de comandos SMTP mediante secuencias CRLF de los comandos "RCPT TO" o "MAIL FROM", como demuestra las secuencias CRLF inmediatamente antes y después de la substring DATA. • http://www.mbsd.jp/Whitepaper/smtpi.pdf https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee https://github.com/rubysec/ruby-advisory-db/issues/215 https://hackerone.com/reports/137631 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://www.debian.org/security/2017/dsa-3966 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-9229 – oniguruma: Invalid pointer dereference in left_adjust_char_head()
https://notcve.org/view.php?id=CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7.1.5. Un SIGSEGV se produce en la función left_adjust_char_head() durante la compilación de expresiones regulares. • https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d https://github.com/kkos/oniguruma/issues/59 https://access.redhat.com/security/cve/CVE-2017-9229 https://bugzilla.redhat.com/show_bug.cgi?id=1466746 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-9225
https://notcve.org/view.php?id=CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. Se descubrió un problema en Oniguruma versión 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f https://github.com/kkos/oniguruma/issues/56 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 2CVE-2009-5147 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librerías con nombres contaminados. • https://github.com/vpereira/CVE-2009-5147 https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147- http://seclists.org/oss-sec/2015/q3/222 http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://bugzilla.redhat.com/show_bug.cgi?id=1248935 https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551 https:&# • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 8.4EPSS: 0%CPEs: 14EXPL: 0CVE-2015-7551 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. La implementación Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, según se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una cadena manipulada, relacionado con el módulo DL y la librería libffi. NOTA: esta vulnerabilidad existe por una regresión de CVE-2009-5147. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.h • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •