Lucene search

K

PRIOn knowledge basePRION:CVE-2013-2065

HistoryNov 02, 2013 - 7:55 p.m.

Code injection

2013-11-0219:55:00

PRIOn knowledge base

www.prio-n.com

1

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

74.9%

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

CPENameOperatorVersion
opensuseeq12.3
opensuseeq12.2
rubyeq2.0.0
rubyeq1.9.3 p286
rubyeq1.9.3 p385
rubyeq1.9.3 p383
rubyeq2.0
rubyeq2.0.0 preview1
rubyeq1.9.2
rubyeq1.9.1

Rows per page:

1-10 of 201

References

lists.opensuse.org/opensuse-updates/2013-10/msg00057.html

www.ubuntu.com/usn/USN-2035-1

lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html

puppet.com/security/cve/cve-2013-2065

www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

74.9%

Related for PRION:CVE-2013-2065

nessus11 slackware1 fedora6 freebsd1 openvas16 cve1 ubuntucve1 amazon1 rubygems1 securityvulns2 ubuntu1 osv1 debian1