// For flags

CVE-2012-4464

1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

Ruby v1.9.3 antes patchlevel 286 y v2.0 antes de la revisión r37068 permite a atacantes dependientes de contexto para evitar las restricciones de seguridad de nivel y modifican a través de las cadenas untainted (1) exc_to_s o (2) la función API name_err_to_s, que marca la cadena como contaminada, un diferentes vulnerabilidad a CVE-2012-4466. NOTA: este problema puede existir como consecuencia de una CVE-2011-1005 de regresión.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-08-21 CVE Reserved
  • 2013-04-25 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
  • CWE-266: Incorrect Privilege Assignment
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p0
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p125
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.9.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.3"
p194
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 2.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
p0
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
preview1
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
preview2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
rc1
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 2.0.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.0.0"
rc2
Affected