Page 8 of 103 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 1

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup en ext/json/ext/generator/generator.c, el cual se detendría después de encontrar un byte '\0', devolviendo un puntero a un string de longitud cero, que no es la longitud almacenada en space_len. A buffer overflow vulnerability was found in the JSON extension of ruby. • http://www.securityfocus.com/bid/100890 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://bugs.ruby-lang.org/issues/13853 https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 https://hackerone.com/reports/209949 https://lists. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. La función parser_yyerror en el analizador UTF-8 de Ruby versión 2.4.1, permite a los atacantes causar una denegación de servicio (lectura o escritura no válidas) o posiblemente tener otro impacto no especificado por medio de un script Ruby creado, relacionado con la función parser_tokadd_utf8 en parse.y. NOTA: esto podría tener relevancia para la seguridad como una omisión de un mecanismo de protección $SAFE. • https://bugs.ruby-lang.org/issues/13742 https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. El modulo Net::SMTP de Ruby anterior a su versión 2.4.0 es vulnerable a la inyección de comandos SMTP mediante secuencias CRLF de los comandos "RCPT TO" o "MAIL FROM", como demuestra las secuencias CRLF inmediatamente antes y después de la substring DATA. • http://www.mbsd.jp/Whitepaper/smtpi.pdf https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee https://github.com/rubysec/ruby-advisory-db/issues/215 https://hackerone.com/reports/137631 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://www.debian.org/security/2017/dsa-3966 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. Se descubrió un problema en Oniguruma versión 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f https://github.com/kkos/oniguruma/issues/56 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7.1.5. Un SIGSEGV se produce en la función left_adjust_char_head() durante la compilación de expresiones regulares. • https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d https://github.com/kkos/oniguruma/issues/59 https://access.redhat.com/security/cve/CVE-2017-9229 https://bugzilla.redhat.com/show_bug.cgi?id=1466746 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •