CVE-2006-3694 — Matsumoto Ruby vulnerability

8 documents6 sources

Severity

6.4MEDIUMNVD

EPSS

2.7%

top 14.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yukihiro Matsumoto Ruby

Timeline

PublishedJul 21

Latest updateMay 3

Description

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDyukihiro_matsumoto/ruby1.8.2, 1.8.3, 1.8.4+2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-rx2v-jmvm-3c4h: Multiple unspecified vulnerabilities in Ruby before 1↗2022-05-03

▶

CVEList

CVE-2006-3694: Multiple unspecified vulnerabilities in Ruby before 1↗2006-07-19

▶

📋Vendor Advisories

Ubuntu

ruby1.8 vulnerability↗2006-07-28

▶

Red Hat

security flaw↗2006-07-11

▶

💬Community

Bugzilla

CVE-2006-3694 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-3694 Insecure operations in the certain safe-level restrictions↗2006-07-20

▶

Bugzilla

CVE-2006-3694 ruby safe-level bypass↗2006-07-20

▶