79 matches found
The vulnerability of the `hash_new_from_values()` function in the Ruby Mruby interpreter allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the `hash_new_from_values()` function in the Ruby Mruby interpreter is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure or execute arbitrary code...
mruby code issue vulnerability
mruby is a lightweight implementation of the Ruby language. mruby suffers from a buffer overflow vulnerability that stems from the presence of null pointer dereference in mruby, which could be exploited by an attacker to crash the mruby interpreter, thereby impacting system availability...
The vulnerability of the Ruby interpreter lies in the improper limitation of XML references to external objects, which allows attackers to compromise the integrity of data.
The vulnerability of the Ruby interpreter is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...
The vulnerability of the Ruby interpreter, related to the insertion or modification of arguments, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Ruby programming language interpreter is related to the introduction or modification of arguments. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the lazy_initialize function in the Ruby programming language allows a hacker to execute arbitrary code.
The vulnerability of the lazy_initialize function in the Ruby interpreter is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Ruby interpreter’s methods UNIXServer.open and UNIXSocket.open allows attackers to circumvent security restrictions.
The vulnerability of the UNIXServer.open and UNIXSocket.open methods in the Ruby programming language exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions from a remote location...
The vulnerability of the Ruby interpreter, related to the execution of operations beyond the buffer boundaries in memory, allows attackers to trigger a service failure.
The vulnerability of the Ruby interpreter is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...
[SECURITY] [DSA 4332-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4332-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 03, 2018 https://www.debian.org/security/faq -...
Debian DSA-4259-1 : ruby2.3 - security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could...
[SECURITY] [DLA 1358-1] ruby1.9.1 security update
Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u8 CVE ID : CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 Multiple vulnerabilities were found in the interpreter for the Ruby language. The...
Debian DLA-1222-1 : ruby1.8 security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-17405 A command injection vulnerability in Net::FTP might allow a malicious FTP server the execution of arbitrary...
Debian DLA-1221-1 : ruby1.9.1 security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-17405 A command injection vulnerability in Net::FTP might allow a malicious FTP server the execution of arbitrary...
MGASA-2017-0371 Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such a situation, the result may contain heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...
The vulnerability of the Ruby interpreter arises from an operation that goes beyond buffer boundaries in memory, allowing a malicious actor to trigger a service failure.
The vulnerability of the Ruby interpreter arises from an operation that occurs outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure during the execution of the JSON.generate function. The problem lies in the use of the strdu...
ruby -- multiple vulnerabilities
Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such a situation, the result may contain heap, or the Ruby...
Buffer underrun vulnerability in Kernel.sprintf
There is a buffer underrun vulnerability in the sprintf method of the Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such a situation, the result may contain heap, or th...
The vulnerability of the _cancel_eval method in the TclTkIp class of the Ruby interpreter allows a hacker to execute arbitrary code.
The vulnerability of the _cancel_eval method in the TclTkIp class of the Ruby interpreter arises from an incorrect check of the returned value by the method or function. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...
The vulnerability in the WIN32OLE methods ole_invoke and ole_query_interface of the Ruby interpreter allows a malicious actor to execute arbitrary code.
The vulnerability in the WIN32OLE methods ole_invoke and ole_query_interface of the Ruby interpreter arises due to incorrect checking of the returned value from these methods or functions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
shopify-scripts: SIGSEGV - mrb_vm_exec - vm.c in line:1272
PoC: ------------------- The following code triggers the bug attached as testmrbvmexec1272.rb: a,a,a,a=0,def e end a Sandbox: ------------------- x@x:/Desktop/research/mruby-engine/bin$ ./sandbox testmrbvmexec1272.rb ./sandbox:20: BUG Segmentation fault at 0x00000000000018 ruby 2.2.6p396 2016-11-...
The vulnerability of the Ruby interpreter allows a hacker to replace the SSL server.
The vulnerability of the Ruby interpreter in the OpenSSL extension lies in the improper checking of names of nodes and certificates that contain group symbols. As a result, exploiting this vulnerability using a specially crafted certificate can allow an attacker to replace the SSL server...