CVE-2017-9225
https://notcve.org/view.php?id=CVE-2017-9225
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. Se descubrió un problema en Oniguruma versión 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f https://github.com/kkos/oniguruma/issues/56 • CWE-787: Out-of-bounds Write •
CVE-2017-9229 – oniguruma: Invalid pointer dereference in left_adjust_char_head()
https://notcve.org/view.php?id=CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7.1.5. Un SIGSEGV se produce en la función left_adjust_char_head() durante la compilación de expresiones regulares. • https://access.redhat.com/errata/RHSA-2018:1296 https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d https://github.com/kkos/oniguruma/issues/59 https://access.redhat.com/security/cve/CVE-2017-9229 https://bugzilla.redhat.com/show_bug.cgi?id=1466746 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVE-2017-6181
https://notcve.org/view.php?id=CVE-2017-6181
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. La función parse_char_class en regparse.c en la Onigmo (también conocida como Oniguruma-mod) libreria de expresión regular,como se utiliza en Ruby 2.4.0, permite a atacantes remotos provocar una denegación de servicio (recursión profunda y caída de la aplicación) a través de una expresión regular manipulada. • http://www.securityfocus.com/bid/97304 https://bugs.ruby-lang.org/issues/13234 https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660 • CWE-20: Improper Input Validation •
CVE-2009-5147 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librerías con nombres contaminados. • https://github.com/vpereira/CVE-2009-5147 https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147- http://seclists.org/oss-sec/2015/q3/222 http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://bugzilla.redhat.com/show_bug.cgi?id=1248935 https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551 https: • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •
CVE-2016-2336
https://notcve.org/view.php?id=CVE-2016-2336
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. Existe un tipo de confusión en dos métodos de la clase WIN32OLE de Ruby, ole_invoke y ole_query_interface. El atacante que pasa un diferente tipo de objeto del que es asumido por los desarrolladores puede provocar la ejecución de código arbitrario. • http://www.talosintelligence.com/reports/TALOS-2016-0029 •