CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score: Confidence High
EPSS: Percentile 81.3%
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
Vendor | Product | Version | CPE |
---|---|---|---|
ruby-lang | ruby | 2.0.0 | cpe:/a:ruby-lang:ruby:2.0.0:p598:: |
ruby-lang | ruby | 2.1.1 | cpe:/a:ruby-lang:ruby:2.1.1::: |
ruby-lang | ruby | 1.8.0 | cpe:/a:ruby-lang:ruby:1.8.0::: |
ruby-lang | ruby | 2.0.0 | cpe:/a:ruby-lang:ruby:2.0.0:p647:: |
ruby-lang | ruby | 2.1.5 | cpe:/a:ruby-lang:ruby:2.1.5::: |
ruby-lang | ruby | 2.0.0 | cpe:/a:ruby-lang:ruby:2.0.0:p247:: |
ruby-lang | ruby | 1.9.0 | cpe:/a:ruby-lang:ruby:1.9.0::: |
ruby-lang | ruby | 2.0.0 | cpe:/a:ruby-lang:ruby:2.0.0:p195:: |
ruby-lang | ruby | 2.1.7 | cpe:/a:ruby-lang:ruby:2.1.7::: |
ruby-lang | ruby | 1.9.2 | cpe:/a:ruby-lang:ruby:1.9.2::: |
seclists.org/oss-sec/2015/q3/222
www.securityfocus.com/bid/76060
access.redhat.com/errata/RHSA-2018:0583
bugzilla.redhat.com/show_bug.cgi?id=1248935
github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/