CVE-2013-2065

EUVD-2013-2046
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
12.2
opensuseopensuse
12.3
ruby-langruby
1.9
ruby-langruby
1.9.1
ruby-langruby
1.9.2
ruby-langruby
1.9.3
ruby-langruby
1.9.3:p0
ruby-langruby
1.9.3:p125
ruby-langruby
1.9.3:p194
ruby-langruby
1.9.3:p286
ruby-langruby
1.9.3:p383
ruby-langruby
1.9.3:p385
ruby-langruby
1.9.3:p392
ruby-langruby
2.0
ruby-langruby
2.0.0
ruby-langruby
2.0.0:p0
ruby-langruby
2.0.0:preview1
ruby-langruby
2.0.0:preview2
ruby-langruby
2.0.0:rc1
ruby-langruby
2.0.0:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby1.8
lucid
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
ruby1.9.1
lucid
ignored
precise
Fixed 1.9.3.0-1ubuntu2.8
released
quantal
Fixed 1.9.3.194-1ubuntu1.6
released
raring
Fixed 1.9.3.194-8.1ubuntu1.2
released
saucy
Fixed 1.9.3.194-8.1ubuntu2.1
released
ruby2.0
lucid
dne
precise
dne
quantal
dne
raring
dne
saucy
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
http://www.ubuntu.com/usn/USN-2035-1
https://puppet.com/security/cve/cve-2013-2065
https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
http://www.ubuntu.com/usn/USN-2035-1
https://puppet.com/security/cve/cve-2013-2065
https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/