CVE-2011-2705
CVE-2011-2705 affects Ruby’s SecureRandom.init in lib/securerandom.rb. The vulnerability arises because SecureRandom.random_bytes relies on PID values for initialization in Ruby versions prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290, enabling context-dependent attackers to predict the generat...
CVE-2011-4121
The CVE-2011-4121 entry concerns the OpenSSL extension in Ruby’s Git trunk (versions after 2011-09-01 through 2011-11-03) where private RSA key generation used a constant exponent value of '1'. This flaw could allow a remote attacker to bypass or corrupt integrity of services relying on generated...
CVE-2008-2664
CVE-2008-2664: the rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context‑dependent attackers to trigger memory corruption via unspecified vectors related to alloca. This ...
CVE-2007-5162
CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory (AXSA-2007-63:01) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...
CVE-2015-7551
CVE-2015-7551 affects Ruby versions before the patch, where Fiddle::Handle in ext/fiddle/handle.c mishandles tainting, allowing context-dependent attackers to cause arbitrary code execution or a crash via a tainted string. The vulnerability stems from taint handling in the DL/libffi-related path ...
CVE-2012-4466
CVE-2012-4466 affects Ruby 1.8.7 before patchlevel 371, Ruby 1.9.3 before patchlevel 286, and Ruby 2.0 before revision r37068. The issue allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via name_err_mesg_to_str, tainting handling for strings. This ...
CVE-2015-3900
Vulnerability summary: CVE-2015-3900 affects RubyGems 2.0.x up to 2.0.16, 2.2.x up to 2.2.4, and 2.4.x up to 2.4.7. It does not validate hostnames when fetching gems or API requests, enabling a remote attacker to redirect requests to arbitrary domains via a crafted DNS SRV record (DNS hijack atta...
CVE-2008-3656
The CVE-2008-3656 issue is a denial-of-service in WEBrick’s HTTP header handling: WEBrick::HTTPUtils.split_header_value in WEBrick::DefaultFileHandler backed by a backtracking regex causes CPU exhaustion when processing crafted HTTP requests. Affected Ruby versions include 1.8.5 and earlier, 1.8....
CVE-2013-2065
CVE-2013-2065 is a taint-check bypass in Ruby's DL and Fiddle native extensions. The initial description notes that Ruby 1.9.x up to 1.9.3 patchlevel 426 and Ruby 2.0 up to patchlevel 195 do not taint-check native functions, allowing context-dependent attackers to bypass safe-level restrictions. ...
CVE-2013-4287
CVE-2013-4287 represents an algorithmic complexity DoS in RubyGems via an unsafe regular expression in Gem::Version::VERSION_PATTERN. Affected RubyGems versions include pre-1.8.23.1, 1.8.24–1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0 (per upstream and advisories); note that an incomplete f...
CVE-2009-1904
CVE-2009-1904 concerns the Ruby BigDecimal conversion to Float: Ruby 1.8.6 before p369 and 1.8.7 before p173 can crash an application (DoS) when given a very large numeric string. Connected advisories (e.g., MiracleLinux AXSA-2009-78:01) confirm a patch was released (e.g., “New patchlevel fixing ...
CVE-2011-1004
CVE-2011-1004 affects Ruby 1.8.6–1.9.3dev; the FileUtils.remove_entry_secure method is vulnerable to a symlink race, allowing local users to delete arbitrary files. Affected versions and impact are documented in trusted advisories. Remediation mentioned in connected docs includes upgrading to Rub...
CVE-2008-3655
CVE-2008-3655 affects Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. It does not properly restrict access to critical variables and methods at various safe levels, allowing context‑dependent attackers to bypass access restrictions via (1) untrac...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 are vulnerable to a context-dependent taint bypass via exc_to_s or name_err_to_s in the exception-to-string paths, allowing modification of untainted strings and bypassing safe-level restrictions (distinct from CVE-2012-4466). Root c...
CVE-2011-1005
The CVE-2011-1005 issue affects Ruby’s safe-level mechanism (Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev), where untrusted strings could be modified via Exception#to_s, enabling context-dependent attackers to alter a pathname. Public advisories reference this vulnerability...
CVE-2008-2726
CVE-2008-2726 is described in connected docs as an integer overflow in rb_ary_splice on Ruby 1.8.4 and earlier (and related 1.8.x lines) that allows context-dependent memory corruption. MiracleLinux AXSA-2008-86:01 explicitly includes CVE-2008-2726 among ruby issues and references the Real Alloc_...
CVE-2008-3905
CVE-2008-3905 is associated with Ruby’s DNS resolver (resolv.rb). The issue stems from predictable transaction IDs and a fixed source port when sending DNS requests, enabling remote attackers to spoof DNS replies. The connected advisories confirm that resolv.rb’s DNS request handling could be exp...
CVE-2008-2662
CVE-2008-2662 is a Ruby vulnerability: multiple integer overflows in rb_str_buf_append() across Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2. These overflows allow context-dependent attackers to execute arbitrary code o...
CVE-2011-3624
CVE-2011-3624 affects WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier. The vulnerability arises because these methods do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers, which could allow remote attackers to inject arbitrary text into log files or to byp...
CVE-2012-4481
CVE-2012-4481 affects Ruby 1.8.x where the safe-level feature allows context-dependent attackers to modify strings via NameError#to_s, noted as a follow-up to an incomplete fix for CVE-2011-1005. Connected advisories show affected Ruby 1.8.5/1.8.7 variants in MiracleLinux and EulerOS environments...
CVE-2013-4363
RubyGems CVE-2013-4363 is a REGEX backtracking DoS vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN. Affected are RubyGems versions prior to 1.8.23.2, 1.8.24–1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, when parsing gem version strings (used with Ruby 1.9.0–2.0.0p247). The issu...
CVE-2008-1891
The CVE-2008-1891 entry covers a directory traversal in WEBrick for Ruby (affecting Ruby 1.8.4 and earlier, 1.8.5 before p231, 1.8.6 before p230, 1.8.7 before p22, and 1.9.0 before 1.9.0‑2) when using NTFS/FAT filesystems. An attacker could read arbitrary CGI files by supplying a trailing charact...
CVE-2008-3443
CVE-2008-3443 affects Ruby’s regex engine in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. The issue enables remote attackers to cause a denial of service (infinite loop and crash) by sending multiple long requests to a Ruby socket (notably Web...
CVE-2007-5770
CVE-2007-5162 and CVE-2007-5770 affect Ruby 1.8.5/1.8.6. The MiracleLinux AXSA-2007-63:01 advisory states that the CN field in a server certificate is not verified against the domain in the request for (1) Net::HTTP/Net::HTTPS and (2) multiple Net modules (ftptls, telnets,...
CVE-2008-3790
CVE-2008-3790 details. Affected software: Ruby (versions 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9). Vulnerable component: REXML module. Root cause/impact: XML entity explosion in XML documents enables context-dependent attackers to cause a denial of service (CPU consumption). Exp...
CVE-2008-2725
CVE-2008-2725 is an integer overflow in Ruby’s rb_ary_splice (and related issues in rb_ary_splice) affecting Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22. The vulnerability can trigger memory corruption via unspecified vectors in context-dep...
CVE-2011-3009
CVE-2011-3009 is confirmed in connected advisories as affecting Ruby before 1.8.6-p114, where the random seed is not reset on fork, enabling context-dependent prediction of random numbers (related to CVE-2003-0900). MiracleLinux advisories list this CVE among affected Ruby packages and indicate r...
CVE-2008-2663
Ruby 1.8.4 and earlier (and 1.8.5-p231, 1.8.6-p230, 1.8.7-p22) are affected by an integer overflow in rb_ary_store that can enable context-dependent arbitrary code execution or a denial of service (CVE-2008-2663). The MiracleLinux, Oracle Linux, and Red Hat advisories in the connected documents r...
CVE-2008-2376
CVE-2008-2376 is an integer overflow in Ruby’s rb_ary_fill (array.c) that affects Ruby before revision 17756, allowing context-dependent attackers to cause a crash or potentially other impact via Array#fill when start (beg) > ARY_MAX_SIZE. The issue arises from an incomplete fix for related ov...
CVE-2008-3657
CVE-2008-3657 is a confirmed issue in the Ruby DL module where inputs are not tainted, allowing context-dependent attackers to bypass safe levels and call dangerous functions via DL.dlopen. Affected are Ruby 1.8.5 and older, 1.8.6 up to -p286, 1.8.7 up to -p71, and 1.9 up to r18423. Connected adv...
CVE-2011-2686
CVE-2011-2686 affects Ruby (MRI) older than 1.8.7-p352; it arises from a regression in 1.8.6 where the random seed is not reset on fork, allowing context-dependent attackers to predict random numbers from a child process. The issue is fixed in Ruby 1.8.7-p352 and later. No exploitation details ar...
CVE-2009-0642
CVE-2009-0642 affects Ruby 1.8 and 1.9: ext/openssl/ossl_ocsp.c may fail to properly check OCSP_basic_verify() return value, potentially allowing a remote attacker to use an invalid X.509 certificate (possibly revoked). Multiple advisories reference this issue (e.g., RHSA-2009:1140, ELSA-2009-114...
CVE-2008-4310
CVE-2008-4310 is a WEBrick Denial of Service issue: httputils.rb in WEBrick used by Ruby 1.8.1 and 1.8.5 (as deployed in RHEL 4/5) can be triggered by a crafted HTTP request, causing CPU exhaustion. The note indicates it stems from an incomplete fix for CVE-2008-3656. Connected advisories show ve...
CVE-2014-2734
The CVE-2014-2734 entry concerns the Ruby OpenSSL extension in Ruby 2.x, where the process memory state may not be correctly maintained after reopening a file, enabling remote attackers to spoof signatures during signature verification after specific filesystem operations. SUSE/PT-2019-4673 and P...
CVE-2009-4124
CVE-2009-4124 affects Ruby 1.9.x where a heap-based buffer overflow in rb_str_justify (string.c) allows context-dependent attackers to execute arbitrary code via String#ljust, String#center, or String#rjust. Affected versions are Ruby 1.9.1 prior to 1.9.1-p376. The vulnerability is classified wit...
CVE-2014-6438
CVE-2014-6438: The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service via a crafted string, due to catastrophic regular expression backtracking and related resource consumption or application crash. The issue affects Ruby versions p...
CVE-2016-2336
CVE-2016-2336: Type confusion exists in two methods of Ruby’s WIN32OLE class, ole_invoke and ole_query_interface. Attacker-supplied objects of unexpected types can trigger arbitrary code execution, as noted in multiple connected records. The vulnerability affects Ruby’s WIN32OLE interactions, w...
CVE-2017-11465
CVE-2017-11465 concerns Ruby 2.4.1’s UTF-8 parser. The vulnerability lies in the function parser_yyerror (related to parser_tokadd_utf8 in parse.y), which can be triggered by a crafted script to cause a denial of service via invalid read/write and may have other impact, including potential bypass...
CVE-2012-5380
CVE-2012-5380 is an Untrusted search path vulnerability affecting Ruby 1.9.3-p194 installed in the top-level C:. The installation can lead to privilege escalation via a Trojan horse DLL (wlbsctrl.dll) placed in C:\Ruby193\bin that could be added to PATH and loaded by the IKE and AuthIP IPsec Keyi...
CVE-2010-2489
Ruby 1.9.x before 1.9.1-p429 on Windows is affected by a buffer overflow in ARGF.inplace_mode used when constructing backup filenames, allowing local privilege escalation. The issue is addressed in Ruby 1.9.1-p429 (Ruby on Windows update). Affected components: Ruby 1.9.x, ARGF.inplace_mode handli...
CVE-2017-6181
The CVE-2017-6181 entry corresponds to an unbounded recursion flaw in the Onigmo (Oniguruma-mod) regular expression library’s parse_char_class function (regparse.c) used by Ruby 2.4.0. A crafted regular expression can cause a remote attacker to trigger deep recursion and a potential application c...
CVE-2026-46727
Ruby 4 before 4.0.5 contains a race condition that can cause a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c). A remote attacker able to delay DNS responses near the user-specified timeout could crash a Ruby process calling Addrinfo.geta...