3 matches found
CVE-2012-4522
CVE-2012-4522 affects Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163, where a NUL byte in a file path enables context-dependent attackers to create files in unintended locations or with unexpected names. The issue arises from rb_get_path_check in file.c and is confirmed by multiple...
CVE-2012-5371
CVE-2012-5371 affects Ruby (CRuby) 1.9 prior to 1.9.3-p327 and 2.0 prior to r37575. The issue is that hash collisions can be triggered without proper restriction, enabling context-dependent attackers to cause CPU-driven denial of service via crafted input to hash-table data structures,...
CVE-2012-5380
CVE-2012-5380 is an untrusted search path vulnerability affecting Ruby 1.9.3-p194 installed in the top-level C:. The installation can lead to privilege escalation via a Trojan horse DLL (wlbsctrl.dll) placed in C:\Ruby193\bin that could be added to PATH and loaded by the IKE and AuthIP IPsec Keyi...