Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-7551
HistoryMar 23, 2016 - 12:00 a.m.

CVE-2015-7551

2016-03-2300:00:00
ubuntu.com
ubuntu.com
6

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before
2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple
OS X before 10.11.4 and other products, mishandles tainting, which allows
context-dependent attackers to execute arbitrary code or cause a denial of
service (application crash) via a crafted string, related to the DL module
and the libffi library. NOTE: this vulnerability exists because of a
CVE-2009-5147 regression.

Bugs

Notes

Author Note
mdeslaur This is the same issue as CVE-2009-5147, except for other releases than 1.9.1
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchruby2.0< 2.0.0.484-1ubuntu2.4UNKNOWN

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

Related for UB:CVE-2015-7551