CVE-2016-2339

2017-01-06T00:00:00
ID UB:CVE-2016-2339
Type ubuntucve
Reporter ubuntu.com
Modified 2017-01-06T00:00:00

Description

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Bugs

  • <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851161>

Notes

Author| Note
---|---
mdeslaur | 2.3.0 and later not affected