Lucene search

K
rubygemsRubySecRUBY:RUBY-2020-10933
HistoryMar 30, 2020 - 9:00 p.m.

Heap exposure vulnerability in the socket library

2020-03-3021:00:00
RubySec
rubysec.com
29

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.006 Low

EPSS

Percentile

79.5%

A heap exposure vulnerability was discovered in the socket library. This
vulnerability has been assigned the CVE identifier CVE-2020-10933. We
strongly recommend upgrading Ruby.

When BasicSocket#recv_nonblock and BasicSocket#read_nonblock are invoked with
size and buffer arguments, they initially resize the buffer to the specified
size. In cases where the operation would block, they return without copying
any data. Thus, the buffer string will now include arbitrary data from the
heap. This may expose possibly sensitive data from the interpreter.

This issue is exploitable only on Linux. This issue had been since Ruby
2.5.0; 2.4 series is not vulnerable.

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.006 Low

EPSS

Percentile

79.5%