Lucene search

K
rubygemsRubySecRUBY:RUBY-2020-10933
HistoryMar 30, 2020 - 9:00 p.m.

Heap exposure vulnerability in the socket library

2020-03-3021:00:00
RubySec
rubysec.com
27

A heap exposure vulnerability was discovered in the socket library. This
vulnerability has been assigned the CVE identifier CVE-2020-10933. We
strongly recommend upgrading Ruby.

When BasicSocket#recv_nonblock and BasicSocket#read_nonblock are invoked with
size and buffer arguments, they initially resize the buffer to the specified
size. In cases where the operation would block, they return without copying
any data. Thus, the buffer string will now include arbitrary data from the
heap. This may expose possibly sensitive data from the interpreter.

This issue is exploitable only on Linux. This issue had been since Ruby
2.5.0; 2.4 series is not vulnerable.

Related for RUBY:RUBY-2020-10933