Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-10933
HistoryMay 04, 2020 - 12:00 a.m.

CVE-2020-10933

2020-05-0400:00:00
ubuntu.com
ubuntu.com
9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.006 Low

EPSS

Percentile

79.5%

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5,
and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size,
buffer, exception: false), the method resizes the buffer to fit the
requested size, but no data is copied. Thus, the buffer string provides the
previous value of the heap. This may expose possibly sensitive data from
the interpreter.

Notes

Author Note
leosilva vulnerable code introduced in 2.5.0
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchruby2.5< 2.5.1-1ubuntu1.8UNKNOWN
ubuntu20.04noarchruby2.7< 2.7.0-5ubuntu1.3UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.006 Low

EPSS

Percentile

79.5%