CVE-2020-10933
ruby: BasicSocket#read_nonblock method leads to information disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Se descubrió un problema en Ruby versiones 2.5.x hasta 2.5.7, versiones 2.6.x hasta 2.6.5, y versión 2.7.0. Si una víctima llama a BasicSocket#read_nonblock(requested_size, buffer, exception: false), el método redimensiona el buffer para ajustarlo al tamaño requerido, pero ningún dato es copiado. Por lo tanto, la cadena del búfer proporciona el valor previo de la pila. Esto puede exponer datos posiblemente confidenciales del intérprete.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-24 CVE Reserved
- 2020-05-04 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-908: Use of Uninitialized Resource
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20200625-0001 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933 | 2024-08-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.5.0 <= 2.5.7 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.5.0 <= 2.5.7" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | >= 2.6.0 <= 2.6.5 Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.6.0 <= 2.6.5" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 2.7.0 Search vendor "Ruby-lang" for product "Ruby" and version "2.7.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|