Lucene search

[email protected]NVD:CVE-2015-7551

HistoryMar 24, 2016 - 1:59 a.m.

CVE-2015-7551

2016-03-2401:59:03

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.008

Percentile

81.3%

JSON

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.

Affected configurations

Nvd

Node

applemac_os_xRange≤10.11.3

Node

ruby-langrubyRange≤2.0.0-p647

ruby-langrubyMatch2.1.0

ruby-langrubyMatch2.1.1

ruby-langrubyMatch2.1.2

ruby-langrubyMatch2.1.3

ruby-langrubyMatch2.1.4

ruby-langrubyMatch2.1.5

ruby-langrubyMatch2.1.6

ruby-langrubyMatch2.1.7

ruby-langrubyMatch2.2.0

ruby-langrubyMatch2.2.1

ruby-langrubyMatch2.2.2

ruby-langrubyMatch2.2.3

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
ruby-langruby*cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*
ruby-langruby2.1.0cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*
ruby-langruby2.1.1cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
ruby-langruby2.1.2cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
ruby-langruby2.1.3cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*
ruby-langruby2.1.4cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*
ruby-langruby2.1.5cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*
ruby-langruby2.1.6cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*
ruby-langruby2.1.7cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
ruby-lang	ruby	*	cpe:2.3:a:ruby-lang:ruby::::::::
ruby-lang	ruby	2.1.0	cpe:2.3:a:ruby-lang:ruby:2.1.0:::::::*
ruby-lang	ruby	2.1.1	cpe:2.3:a:ruby-lang:ruby:2.1.1:::::::*
ruby-lang	ruby	2.1.2	cpe:2.3:a:ruby-lang:ruby:2.1.2:::::::*
ruby-lang	ruby	2.1.3	cpe:2.3:a:ruby-lang:ruby:2.1.3:::::::*
ruby-lang	ruby	2.1.4	cpe:2.3:a:ruby-lang:ruby:2.1.4:::::::*
ruby-lang	ruby	2.1.5	cpe:2.3:a:ruby-lang:ruby:2.1.5:::::::*
ruby-lang	ruby	2.1.6	cpe:2.3:a:ruby-lang:ruby:2.1.6:::::::*
ruby-lang	ruby	2.1.7	cpe:2.3:a:ruby-lang:ruby:2.1.7:::::::*