CVE-2009-5147
ruby: DL:: dlopen could open a library with tainted library name
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librerÃas con nombres contaminados.
It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-07-28 CVE Reserved
- 2017-03-14 First Exploit
- 2017-03-29 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-267: Privilege Defined With Unsafe Actions
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/76060 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/vpereira/CVE-2009-5147 | 2017-03-14 | |
https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147- | 2019-04-22 |
URL | Date | SRC |
---|---|---|
http://seclists.org/oss-sec/2015/q3/222 | 2018-03-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1248935 | 2018-03-26 | |
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b | 2018-03-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.0 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.0" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.0 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.0" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.2 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.2" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p195 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p247 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p353 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p481 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p576 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p594 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p598 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p643 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p645 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.0.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0" | p647 |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.0" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.1 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.1" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.2 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.2" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.3 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.3" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.4 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.4" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.5 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.5" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.6 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.6" | - |
Affected
| ||||||
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.1.7 Search vendor "Ruby-lang" for product "Ruby" and version "2.1.7" | - |
Affected
|