CVE-2010-2489Improper Restriction of Operations within the Bounds of a Memory Buffer in Ruby

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 67.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedJul 12
Latest updateMay 17

Description

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDruby-lang/ruby6 versions+5

Patches

Patch: www.ruby-lang.orgPatch: www.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-pj28-mx3m-9668: Buffer overflow in Ruby 12022-05-17
CVEList
CVE-2010-2489: Buffer overflow in Ruby 12010-07-09
CVE-2010-2489 — Ruby-lang Ruby vulnerability | cvebase