// For flags

CVE-2009-4124

 

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

Desbordamiento del búfer de la memoria dinámica en la función rb_str_justify en string.c en Ruby v1.9.1 en versiones anteriores a v1.9.1-p376 atacantes dependientes del contexto podrían ejecutar código arbitrario a través de vectores sin especificar que incluyen (1) String#ljust, (2) String#center, o (3) String#rjust. NOTA: Algunos de los detalles han sido obtenidos de terceros.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-11-30 CVE Reserved
  • 2009-12-11 CVE Published
  • 2024-06-10 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.1"
-p0
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.1"
-p129
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.1"
-p243
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.1"
-preview_1
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.1"
-preview_2
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.1"
-rc1
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.1"
-rc2
Affected