Page 4 of 54 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 1

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup en ext/json/ext/generator/generator.c, el cual se detendría después de encontrar un byte '\0', devolviendo un puntero a un string de longitud cero, que no es la longitud almacenada en space_len. A buffer overflow vulnerability was found in the JSON extension of ruby. • http://www.securityfocus.com/bid/100890 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://bugs.ruby-lang.org/issues/13853 https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 https://hackerone.com/reports/209949 https://lists. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. El modulo Net::SMTP de Ruby anterior a su versión 2.4.0 es vulnerable a la inyección de comandos SMTP mediante secuencias CRLF de los comandos "RCPT TO" o "MAIL FROM", como demuestra las secuencias CRLF inmediatamente antes y después de la substring DATA. • http://www.mbsd.jp/Whitepaper/smtpi.pdf https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee https://github.com/rubysec/ruby-advisory-db/issues/215 https://hackerone.com/reports/137631 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://www.debian.org/security/2017/dsa-3966 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. Se descubrió un problema en Oniguruma versión 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f https://github.com/kkos/oniguruma/issues/56 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7.1.5. Un SIGSEGV se produce en la función left_adjust_char_head() durante la compilación de expresiones regulares. • https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d https://github.com/kkos/oniguruma/issues/59 https://access.redhat.com/security/cve/CVE-2017-9229 https://bugzilla.redhat.com/show_bug.cgi?id=1466746 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 2

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librerías con nombres contaminados. • https://github.com/vpereira/CVE-2009-5147 https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147- http://seclists.org/oss-sec/2015/q3/222 http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://bugzilla.redhat.com/show_bug.cgi?id=1248935 https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551 https:&# • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •