CVE-2020-10933
Published 2020-05-04
Priority P428 · medium · CVSS 3.1 base score 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS: 2.56% (83.2nd percentile)
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ruby2.7 | < ruby2.7 2.7.1-1 (bullseye) | ruby2.7 2.7.1-1 (bullseye) |
| fedoraproject | fedora | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_ruby_2.6.7-1_on_cbl_mariner_1.0 | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | 2.5.0 – 2.5.7 | — |
| ruby-lang | ruby | 2.6.0 – 2.6.5 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
| vendor_msrc | — | 5.3 | MEDIUM | — |
| vendor_redhat | — | 5.3 | MEDIUM | — |
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2021-03-18·CVSS 7.5
CVE-2020-10663 [HIGH] Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that the Ruby JSON gem incorrectly handled certain JSON
files. If a user or automated system were tricked into parsing a specially
crafted JSON file, a remote attacker could use this issue to execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04
LTS. (CVE-2020-10663)
It was discovered that Ruby incorrectly handled certain socket memory
operations. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-10933)
It was discovered that Ruby incorrectly handled certain transfer-encoding
headers when using Webrick. A remote attacker could possibly use this issue
to byp
Microsoft
vendor_msrc·2020-05-12·CVSS 5.3
CVE-2020-10933 [MEDIUM] CWE-908
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this
Red Hat
ruby: BasicSocket#read_nonblock method leads to information disclosure
vendor_redhat·2020-03-31·CVSS 5.3
CVE-2020-10933 [MEDIUM] CWE-805 ruby: BasicSocket#read_nonblock method leads to information disclosure
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Statement: Red Hat CloudForms 5 has stopped shipping Ruby, and 4.7 ships the Ruby 2.4 series, hence it is not vulnerable to the flaw.
Red Hat Enterprise Linux versions prior to 8 ship ruby 2.0 or older releases, hence they are not vulnerable to the flaw.
Package: ruby (CloudForms Management Engine 5) - Not affected
Package: ruby (Red Hat Enterprise Linux 5) - N
Debian
CVE-2020-10933: ruby2.7
vendor_debian·2020·CVSS 5.3
CVE-2020-10933 [MEDIUM]
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Scope: local
bullseye: resolved (fixed in 2.7.1-1)
GHSA
GHSA-g5hm-28jr-53fh
ghsa_unreviewed·2022-05-24
CVE-2020-10933 [MEDIUM] CWE-200 GHSA-g5hm-28jr-53fh
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
OSV
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
osv·2021-03-18·CVSS 7.5
CVE-2020-10663 [HIGH] ruby2.3, ruby2.5, ruby2.7 vulnerabilities
It was discovered that the Ruby JSON gem incorrectly handled certain JSON
files. If a user or automated system were tricked into parsing a specially
crafted JSON file, a remote attacker could use this issue to execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04
LTS. (CVE-2020-10663)
It was discovered that Ruby incorrectly handled certain socket memory
operations. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-10933)
It was discovered that Ruby incorrectly handled certain transfer-encoding
headers when using Webrick. A remote attacker could possibly use this issue
to bypass a reverse proxy. (CVE-2020-25613)
OSV
CVE-2020-10933
osv·2020-05-04·CVSS 5.3
CVE-2020-10933 [MEDIUM]
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-10933 ruby: BasicSocket#read_nonblock method leads to information disclosure [fedora-all]
bugzilla·2020-05-08·CVSS 5.3
CVE-2020-10933 [MEDIUM] CVE-2020-10933 ruby: BasicSocket#read_nonblock method leads to information disclosure [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2020-10933 ruby: BasicSocket#read_nonblock method leads to information disclosure
bugzilla·2020-05-08·CVSS 5.3
CVE-2020-10933 [MEDIUM] CVE-2020-10933 ruby: BasicSocket#read_nonblock method leads to information disclosure
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Discussion:
Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 1833293]
---
External References:
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933
---
Upstream commit for this issue:
https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90
---
References:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
https://security.netapp.com/advisory/ntap-20200625-0001/
https://www.debian.org/security/2020/dsa-4721
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/