Vulnerability Details CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/91234
- http://www.talosintelligence.com/reports/TALOS-2016-0034/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
- http://www.securityfocus.com/bid/91234
- http://www.talosintelligence.com/reports/TALOS-2016-0034/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html