Description
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2012-0519 Vulnerability (CVE-2012-0519)
MySQL CVE-2019-2630 Vulnerability (CVE-2019-2630)
WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)
WordPress Plugin Elementor Website Builder Unspecified Vulnerability (1.8.8)