CVE-2005-2337 — Matsumoto Ruby vulnerability

7 documents6 sources

Severity

7.5HIGHNVD

EPSS

16.0%

top 5.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yukihiro Matsumoto Ruby

Timeline

PublishedOct 7

Latest updateMay 1

Description

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDyukihiro_matsumoto/ruby12 versions+11

Patches

Patch: secunia.com ↗Patch: www.ruby-lang.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-w8mr-4m5w-x8wv: Ruby 1↗2022-05-01

▶

CVEList

CVE-2005-2337: Ruby 1↗2005-10-07

▶

📋Vendor Advisories

Ubuntu

Ruby vulnerability↗2005-10-10

▶

Ubuntu

Xine library vulnerability↗2005-10-10

▶

Red Hat

security flaw↗2005-09-23

▶

💬Community

Bugzilla

CVE-2005-2337 security flaw↗2018-08-16

▶