CVE-2009-4124Improper Restriction of Operations within the Bounds of a Memory Buffer in Ruby

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
1.9%
top 16.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedDec 11
Latest updateMay 2

Description

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDruby-lang/ruby1.9.1

Patches

Patch: www.ruby-lang.orgPatch: www.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-9mvm-2xp2-9wmw: Heap-based buffer overflow in the rb_str_justify function in string2022-05-02
CVEList
CVE-2009-4124: Heap-based buffer overflow in the rb_str_justify function in string2009-12-11

📋Vendor Advisories

2
Ubuntu
Ruby vulnerabilities2010-02-16
Red Hat
ruby: Heap-based buffer overflow in the rb_str_justify() function2009-12-07

💬Community

1
Bugzilla
CVE-2009-4124 ruby: Heap-based buffer overflow in the rb_str_justify() function2013-05-06
CVE-2009-4124 — Ruby-lang Ruby vulnerability | cvebase