// For flags

CVE-2009-5147

ruby: DL:: dlopen could open a library with tainted library name

Severity Score

7.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librerías con nombres contaminados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-07-28 CVE Reserved
  • 2017-03-14 First Exploit
  • 2017-03-29 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
  • CWE-267: Privilege Defined With Unsafe Actions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.8.0
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.0
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.2
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.2"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p195
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p247
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p353
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p481
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p576
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p594
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p598
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p643
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p645
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p647
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.1
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.1"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.2
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.2"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.3
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.3"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.4
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.4"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.5
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.5"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.6
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.6"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.1.7
Search vendor "Ruby-lang" for product "Ruby" and version "2.1.7"
-
Affected