Vulnerability Description
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruby-Lang | Ruby | 1.9.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37660Vendor Advisory
- http://www.osvdb.org/60880
- http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/PatchVendor Advisory
- http://www.securityfocus.com/bid/37278
- http://www.vupen.com/english/advisories/2009/3471Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54674
- http://secunia.com/advisories/37660Vendor Advisory
- http://www.osvdb.org/60880
- http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/PatchVendor Advisory
- http://www.securityfocus.com/bid/37278
- http://www.vupen.com/english/advisories/2009/3471Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54674
FAQ
What is CVE-2009-4124?
CVE-2009-4124 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1)...
How severe is CVE-2009-4124?
CVE-2009-4124 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4124?
Check the references section above for vendor advisories and patch information. Affected products include: Ruby-Lang Ruby.