Your submission was sent successfully! Close

CVE-2012-4522

Published: 15 October 2012

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Notes

AuthorNote
seth-arnold
open("foo\0bar", "w") { |f| f.puts "hai" } # look for 'foo'
Priority

Medium

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable
(1.8.7.249-2ubuntu0.2 tested)
natty Not vulnerable
(1.8.7.302-2ubuntu0.2 tested)
oneiric Not vulnerable
(1.8.7.352-2ubuntu0.2 tested)
precise Not vulnerable
(1.8.7.352-2ubuntu1.1 tested)
quantal Not vulnerable
(1.8.7.358-4 tested)
upstream Needs triage

ruby1.9
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable
(1.9.0.5-1ubuntu2 tested)
natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (1.9.3 patchlevel 286)
ruby1.9.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(1.9.1.378-1 tested)
natty Not vulnerable
(1.9.2.0-2 tested)
oneiric Not vulnerable
(1.9.2.290-2 tested)
precise
Released (1.9.3.0-1ubuntu2.4)
quantal
Released (1.9.3.194-1ubuntu1.2)
upstream
Released (1.9.3 patchlevel 286)
Patches:
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37164 (1.9.3 branch)