CVE-2016-2338 - Out-of-bounds Write in Ruby

Severity: 9.8 CRITICAL (NVD)
EPSS: 13.5% (top 5.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 29
Latest update: Sep 30

Description

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase the size of this array after that allocation and cause a heap overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD: ruby-lang/ruby 2.2.2, 2.3.0 (+1)

Also affects: Debian Linux 8.0

Vulnerability Details (3)

GHSA: GHSA-r46x-xjwr-8v2g: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby (2022-09-30)
OSV: CVE-2016-2338: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby (2022-09-29)
CVEList: CVE-2016-2338: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby (2020-02-14)

Vendor Advisories (1)

Red Hat: ruby: heap buffer overflow in the Psych::Emitter start_document function (2022-09-29)