Description

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

References

CVE-2016-2339

Related Vulnerabilities

Drupal Core 7.x Remote Code Execution (7.0 - 7.74)

WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup Arbitrary SQL Query Execution Vulnerability (4.16.38)

WordPress Plugin CMS Tree Page View Security Bypass (1.3.4)

Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)

WordPress Plugin World of Warcraft-Armory Table Cross-Site Scripting (0.2.5)

Severity

Critical

Classification

CVE-2016-2339 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities