Lucene search
RootSSV:15070HistoryDec 15, 2009 - 12:00 a.m.
Ruby "rb_str_justify()"缓冲区溢出漏洞
2009-12-1500:00:00
Root
www.seebug.org
14
0.013 Low
EPSS
Percentile
84.3%
CVE ID:CVE-2009-4124
Ruby是一款功能强大的面向对象的脚本语言。
String#ljust, String#center和String#rjust中存在堆溢出漏洞,允许攻击者在部分条件下执行任意代码。
问题存在于string.c代码中的"rb_str_justify()"函数。目前没有详细漏洞细节提供。
Ruby 1.9.x
Ruby 1.9.1-p376已经修复此漏洞,建议用户下载使用:
ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.bz2
Related
altlinux
altlinux
Security fix for the ALT Linux 5 package ruby version 1.9.1-alt1.r26040.1
2009-12-29 00:00:00
Security fix for the ALT Linux 5 package ruby version 1.9.1-alt1.r26040
2009-12-09 00:00:00
nessus
nessus
FreeBSD : ruby -- heap overflow vulnerability (eab8c3bd-e50c-11de-9cd0-001a926c7637)
2009-12-10 00:00:00
Ubuntu 8.10 / 9.04 / 9.10 : ruby1.9 vulnerabilities (USN-900-1)
2010-02-17 00:00:00
cve
cve
CVE-2009-4124
2009-12-11 16:30:00
openvas
openvas
FreeBSD Ports: ruby
2009-12-14 00:00:00
Ruby Interpreter Heap Overflow Vulnerability (Windows) - Dec09
2009-12-23 00:00:00
FreeBSD Ports: ruby
2009-12-14 00:00:00
prion
prion
Heap overflow
2009-12-11 16:30:00
ubuntucve
ubuntucve
CVE-2009-4124
2009-12-11 00:00:00
freebsd
freebsd
ruby -- heap overflow vulnerability
2009-11-30 00:00:00
rubygems
rubygems
ubuntu
ubuntu
Ruby vulnerabilities
2010-02-16 00:00:00