Lucene search
CertccCVELIST:CVE-2016-2337HistoryJan 06, 2017 - 9:00 p.m.
CVE-2016-2337
2017-01-0621:00:00
certcc
www.cve.org
1
Type confusion exists in _cancel_eval Ruby’s TclTkIp class method. Attacker passing different type of object than String as “retval” argument can cause arbitrary code execution.
CNA Affected
[
{
"product": "Ruby",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "2.3.0 dev"
},
{
"status": "affected",
"version": "2.2.2"
}
]
},
{
"product": "Tcl/Tk",
"vendor": "Tcl",
"versions": [
{
"status": "affected",
"version": "8.6 or later"
}
]
}
]Related
nvd
nvd
CVE-2016-2337
2017-01-06 21:59:00
debiancve
debiancve
CVE-2016-2337
2017-01-06 21:59:00
redhatcve
redhatcve
CVE-2016-2337
2017-01-12 14:50:37
osv
osv
CVE-2016-2337
2017-01-06 21:59:00
ruby2.1 - security update
2018-08-27 00:00:00
cve
cve
CVE-2016-2337
2017-01-06 21:59:00
seebug
seebug
Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities(CVE-2016-2337)
2017-10-20 00:00:00
talos
talos
Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities
2016-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2016-2337
2017-01-06 00:00:00
prion
prion
Type confusion
2017-01-06 21:59:00
debian
debian
[SECURITY] [DLA 1480-1] ruby2.1 security update
2018-08-27 20:25:50
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1051)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1050)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2017-0290)
2022-01-28 00:00:00
nessus
nessus
Debian DLA-1480-1 : ruby2.1 security update
2018-08-29 00:00:00
EulerOS 2.0 SP1 : ruby (EulerOS-SA-2017-1050)
2017-05-01 00:00:00
EulerOS 2.0 SP2 : ruby (EulerOS-SA-2017-1051)
2017-05-01 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2017-08-20 12:10:44
gentoo
gentoo
Ruby: Multiple vulnerabilities
2017-10-18 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2017-07-25 00:00:00