CVE-2016-2337
Published: 2017-01-06
Priority: P3 · 53 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.20% (92.6th percentile)

Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby | ruby | — | — |
| ruby | ruby | — | — |
| tcl | tcl_tk | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 7.3 | HIGH | — |
GHSA
GHSA-f58m-77qc-8gjv: Type confusion exists in _cancel_eval Ruby's TclTkIp class method
ghsa_unreviewed · 2022-05-14 · CVE-2016-2337 [CRITICAL]
Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.
OSV
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
osv · 2017-07-25 · CVSS 7.3 · CVE-2009-5147 [HIGH]

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)

Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)

Christian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-7551)

It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequ
OSV
CVE-2016-2337: Type confusion exists in _cancel_eval Ruby's TclTkIp class method
osv · 2017-01-06 · CVSS 9.8 · CVE-2016-2337 [CRITICAL]
Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.
Ubuntu
Ruby vulnerabilities
vendor_ubuntu · 2017-07-25 · CVSS 7.3 · CVE-2009-5147 [HIGH]
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
The advisory body is the same CVE-2009-5147, CVE-2015-1855 and CVE-2015-7551 text reproduced in the OSV entry above.
Red Hat
ruby: TclTkIp ip_cancel_eval type confusion vulnerability
vendor_redhat · 2016-06-14 · CVSS 9.8 · CVE-2016-2337 [CRITICAL] · CWE-843
Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.

Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Package: rh-ruby22-ruby (CloudForms Management Engine 5) - Will not fix
Package: ruby-200-ruby (CloudForms Management Engine 5) - Will not fix
Package: ruby (Red Hat Enterprise Linux 5) - Will not fix
Package: ruby (Red Hat Enterprise Linux 6) - Will not fix
Pa
No detection rules found.
No public exploits indexed.
References
http://www.securityfocus.com/bid/91233
http://www.talosintelligence.com/reports/TALOS-2016-0031/
https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html
https://security.gentoo.org/glsa/201710-18

Published: 2017-01-06