Description

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

References

CVE-2016-2339

Related Vulnerabilities

WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (5.5)

osTicket Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-24881)

WordPress Plugin YITH WooCommerce PDF Invoice and Shipping List Security Bypass (1.2.12)

XOOPS Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4851)

Jenkins Other Vulnerability (CVE-2021-21696)

Severity

Critical

Classification

CVE-2016-2339 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities