CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
ruby-langruby
2.2.2
ruby-langruby
2.3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby1.8
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
ruby1.9.1
precise
ignored
trusty
Fixed 1.9.3.484-2ubuntu1.3
released
xenial
dne
yakkety
dne
zesty
dne
ruby2.0
precise
dne
trusty
Fixed 2.0.0.484-1ubuntu2.4
released
xenial
dne
yakkety
dne
zesty
dne
ruby2.3
precise
dne
trusty
dne
xenial
not-affected
yakkety
not-affected
zesty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libruby2_1-2_1
suse enterprise sap 12 SP1
2.1.9-15.1
fixed
suse enterprise sap 12 SP4
2.1.9-19.3.2
fixed
suse enterprise sap 12 SP5
2.1.9-19.3.2
fixed
suse enterprise server 12 SP1
2.1.9-15.1
fixed
suse enterprise server 12 SP2
2.1.9-19.3.2
fixed
suse enterprise server 12 SP3
2.1.9-19.3.2
fixed
suse enterprise server 12 SP4
2.1.9-19.3.2
fixed
suse enterprise server 12 SP5
2.1.9-19.3.2
fixed
yast2-ruby-bindings
suse enterprise server 12 SP2
3.1.53-9.8.1
fixed
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/91234
http://www.talosintelligence.com/reports/TALOS-2016-0034/
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
http://www.securityfocus.com/bid/91234
http://www.talosintelligence.com/reports/TALOS-2016-0034/
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html