← volver
CVE-2016-2339

CVE-2016-2339

EPSS 5.1%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 5.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
06 ene 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Productos afectados
Ruby · Ruby

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.htmlhttp://www.securityfocus.com/bid/91234http://www.talosintelligence.com/reports/TALOS-2016-0034/