Lucene search

K

[email protected]NVD:CVE-2012-4466

HistoryApr 25, 2013 - 11:55 p.m.

CVE-2012-4466

2013-04-2523:55:01

CWE-264

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

Affected configurations

NVD

Node

ruby-langrubyMatch1.8.7

OR

ruby-langrubyMatch1.8.7p160

OR

ruby-langrubyMatch1.8.7p17

OR

ruby-langrubyMatch1.8.7p173

OR

ruby-langrubyMatch1.8.7p174

OR

ruby-langrubyMatch1.8.7p22

OR

ruby-langrubyMatch1.8.7p248

OR

ruby-langrubyMatch1.8.7p249

OR

ruby-langrubyMatch1.8.7p299

OR

ruby-langrubyMatch1.8.7p301

OR

ruby-langrubyMatch1.8.7p302

OR

ruby-langrubyMatch1.8.7p330

OR

ruby-langrubyMatch1.8.7p334

OR

ruby-langrubyMatch1.8.7p352

OR

ruby-langrubyMatch1.8.7p357

OR

ruby-langrubyMatch1.8.7p358

OR

ruby-langrubyMatch1.8.7p370

OR

ruby-langrubyMatch1.8.7p71

OR

ruby-langrubyMatch1.8.7p72

OR

ruby-langrubyMatch1.8.7preview1

OR

ruby-langrubyMatch1.8.7preview2

OR

ruby-langrubyMatch1.8.7preview3

OR

ruby-langrubyMatch1.8.7preview4

OR

ruby-langrubyMatch1.9.3

OR

ruby-langrubyMatch1.9.3p0

OR

ruby-langrubyMatch1.9.3p125

OR

ruby-langrubyMatch1.9.3p194

OR

ruby-langrubyMatch2.0

OR

ruby-langrubyMatch2.0.0

OR

ruby-langrubyMatch2.0.0p0

OR

ruby-langrubyMatch2.0.0preview1

OR

ruby-langrubyMatch2.0.0preview2

OR

ruby-langrubyMatch2.0.0rc1

OR

ruby-langrubyMatch2.0.0rc2

References

lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html

lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html

svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068

www.mandriva.com/security/advisories?name=MDVSA-2013:124

www.openwall.com/lists/oss-security/2012/10/02/4

www.openwall.com/lists/oss-security/2012/10/03/9

www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/

bugzilla.redhat.com/show_bug.cgi?id=862614

wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

Related for NVD:CVE-2012-4466

amazon2 ubuntucve4 cvelist4 seebug1 prion4 openvas65 nessus46 cve4 rubygems4 nvd3 fedora9 veracode4 freebsd1 ubuntu6 securityvulns5 centos4 redhat6 oraclelinux4 gentoo1