Vulnerability Description
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ruby-Lang | Ruby | 2.2.2 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.talosintelligence.com/reports/TALOS-2016-0032/ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/03/msg00032.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20221228-0005/Third Party Advisory
- http://www.talosintelligence.com/reports/TALOS-2016-0032/ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/03/msg00032.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20221228-0005/Third Party Advisory
FAQ
What is CVE-2016-2338?
CVE-2016-2338 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags a...
How severe is CVE-2016-2338?
CVE-2016-2338 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-2338?
Check the references section above for vendor advisories and patch information. Affected products include: Ruby-Lang Ruby, Debian Debian Linux.