An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
References
Link | Resource |
---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0032/ | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221228-0005/ | Third Party Advisory |
Configurations
History
01 Mar 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221228-0005/ - Third Party Advisory |
28 Dec 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Oct 2022, 18:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-787 | |
First Time |
Ruby-lang ruby
Debian debian Linux Debian Ruby-lang |
|
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html - Mailing List, Third Party Advisory | |
References | (MISC) http://www.talosintelligence.com/reports/TALOS-2016-0032/ - Exploit, Third Party Advisory |
29 Sep 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-29 03:15
Updated : 2023-12-10 14:35
NVD link : CVE-2016-2338
Mitre link : CVE-2016-2338
CVE.ORG link : CVE-2016-2338
JSON object : View
Products Affected
debian
- debian_linux
ruby-lang
- ruby
CWE
CWE-787
Out-of-bounds Write