Description

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

References

CVE-2016-2338

Related Vulnerabilities

WordPress Plugin Image Slider Arbitrary File Deletion (1.1.89)

MySQL Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2010-2008)

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0)

WordPress Plugin RSVPMaker SQL Injection (9.3.2)

Oracle Application Server CVE-2007-3854 Vulnerability (CVE-2007-3854)

Severity

Critical

Classification

CVE-2016-2338 CWE-787 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities