MiracleLinux 8 : ruby:2.5 (AXSA:2021-2345:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2345:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

MiracleLinux 7 : rh-ruby26-ruby-2.6.7-119.el7 (AXSA:2021-1768:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1768:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability o...

ruby: BasicSocket#read_nonblock method leads to information disclosure

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocketreadnonblockrequestedsize, buffer, exception: false, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...

ruby: BasicSocket#read_nonblock method leads to information disclosure

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocketreadnonblockrequestedsize, buffer, exception: false, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...

ruby: BasicSocket#read_nonblock method leads to information disclosure

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocketreadnonblockrequestedsize, buffer, exception: false, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...

An issue was discovered in Ruby 2.5.x through 2.5.7 2.6.x through 2.6.5 and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size buffer exception: false) the method resizes the buffer to fit the requested size but no data is copied. Thus the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

...

The vulnerabilities of the functions BasicSocket#recv_nonblock and BasicSocket#read_nonblock in the Ruby programming language allow attackers to gain unauthorized access to protected information.

The vulnerability of the BasicSocketrecvnonblock and BasicSocketreadnonblock functions in the Ruby programming language is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

ALPINE-CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocketreadnonblockrequestedsize, buffer, exception: false, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...