
Ruby-Lang Ruby vulnerabilities

95 known vulnerabilities affecting ruby-lang/ruby.

Total CVEs: 95
CISA KEV: 0
Public exploits: 11
Exploited in wild: 1
Severity breakdown: CRITICAL 16, HIGH 35, MEDIUM 44

Vulnerabilities

Page 2 of 5
CVE-2018-6914 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 2.2.0, < 2.2.10; ≥ 2.3.0, < 2.3.7; +3 more | Published: 2018-04-03
CVE-2018-6914 [HIGH] CWE-22: Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.
Sources: NVD, OSV
CVE-2017-14064 | P3 | CRITICAL | CVSS 9.8 | Affected: ≤ 2.2.7; v2.3.0; +6 more | Published: 2017-08-31
CVE-2017-14064 [CRITICAL] CWE-119: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
Sources: NVD, OSV
CVE-2016-2336 | P3 | CRITICAL | CVSS 9.8 | Affected: v2.2.2; v2.3.0 | Published: 2017-01-06
CVE-2016-2336 [CRITICAL]: Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing a different type of object than the one assumed by the developers can cause arbitrary code execution.
Sources: NVD
CVE-2017-9225 | P3 | CRITICAL | CVSS 9.8 | Affected: ≤ 2.4.1 | Published: 2017-05-24
CVE-2017-9225 [CRITICAL] CWE-787: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression c
Sources: NVD
CVE-2016-2339 | P3 | CRITICAL | CVSS 9.8 | Affected: v2.2.2; v2.3.0 | Published: 2017-01-06
CVE-2016-2339 [CRITICAL] CWE-119: An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize", the heap buffer "arg_types" allocation is made based on the args array length. A specially constructed object passed as an element of the args array can increase this array's size after the mentioned allocation and
Sources: NVD
CVE-2008-3443 | P4 | MEDIUM | CVSS 5.0 | PoC | Affected: v1.6.8; v1.8.0; +8 more | Published: 2008-08-14
CVE-2008-3443 [MEDIUM] CWE-399: The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
Sources: NVD
CVE-2018-16396 | P3 | HIGH | CVSS 8.1 | Affected: ≥ 2.3.0, ≤ 2.3.7; ≥ 2.4.0, ≤ 2.4.4; +2 more | Published: 2018-11-16
CVE-2018-16396 [HIGH]: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
Sources: NVD, OSV
CVE-2022-28738 | P3 | CRITICAL | CVSS 9.8 | Affected: ≥ 3.0.0, < 3.0.4; ≥ 3.1.0, < 3.1.2 | Published: 2022-05-09
CVE-2022-28738 [CRITICAL] CWE-415: A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Sources: NVD, OSV
CVE-2026-46727 | P3 | HIGH | CVSS 8.1 | Affected: ≥ 4.0.0, < 4.0.5 | Published: 2026-05-22
CVE-2026-46727 [HIGH] CWE-362: An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo(..., timeout:) or Socket.tcp
Sources: CVE List v5, NVD
CVE-2021-32066 | P3 | HIGH | CVSS 7.4 | Affected: ≥ 2.6.0, ≤ 2.6.7; ≥ 2.7.0, ≤ 2.7.3; +1 more | Published: 2021-08-01
CVE-2021-32066 [HIGH] CWE-755: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command,
Sources: NVD
CVE-2018-8778 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 2.2.0, < 2.2.10; ≥ 2.3.0, < 2.3.7; +3 more | Published: 2018-04-03
CVE-2018-8778 [HIGH] CWE-134: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
Sources: NVD, OSV
CVE-2012-5380 | P4 | MEDIUM | CVSS 6.7 | PoC | Affected: v1.9.3 | Published: 2012-10-11
CVE-2012-5380 [MEDIUM] CWE-22: Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbs
Sources: NVD
CVE-2021-28965 | P3 | HIGH | CVSS 7.5 | Affected: fixed in 2.6.7; ≥ 2.7.0, < 2.7.3; +1 more | Published: 2021-04-21
CVE-2021-28965 [HIGH]: The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Sources: NVD
CVE-2022-28739 | P3 | HIGH | CVSS 7.5 | Affected: fixed in 2.6.10; ≥ 2.7.0, < 2.7.6; +2 more | Published: 2022-05-09
CVE-2022-28739 [HIGH] CWE-125: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
Sources: NVD
CVE-2020-25613 | P3 | HIGH | CVSS 7.5 | Affected: ≤ 2.5.8; ≥ 2.6.0, ≤ 2.6.6; +1 more | Published: 2020-10-06
CVE-2020-25613 [HIGH] CWE-444: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smu
Sources: NVD
CVE-2009-5147 | P3 | HIGH | CVSS 7.3 | Affected: v1.8.0; v1.9.0; +11 more | Published: 2017-03-29
CVE-2009-5147 [HIGH] CWE-20: DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
Sources: NVD
CVE-2018-8779 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 2.2.0, < 2.2.10; ≥ 2.3.0, < 2.3.7; +3 more | Published: 2018-04-03
CVE-2018-8779 [HIGH] CWE-20: In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
Sources: NVD, OSV
CVE-2008-2663 | P3 | CRITICAL | CVSS 10.0 | Affected: ≤ 1.8.4; fixed in 1.8.5.231; +2 more | Published: 2008-06-24
CVE-2008-2663 [CRITICAL]: Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080
Sources: NVD
CVE-2008-2662 | P3 | CRITICAL | CVSS 10.0 | Affected: ≤ 1.8.4; fixed in 1.8.5.231; +3 more | Published: 2008-06-24
CVE-2008-2662 [CRITICAL] CWE-189: Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than
Sources: NVD
CVE-2009-4124 | P3 | CRITICAL | CVSS 10.0 | Affected: v1.9.1 | Published: 2009-12-11
CVE-2009-4124 [CRITICAL] CWE-119: Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
Sources: NVD