CVE-2012-4522

Published: 15 October 2012

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Priority

Medium

Status

Package | Release | Status
ruby1.8 (Launchpad, Ubuntu, Debian) | Upstream | Needs triage
ruby1.9 (Launchpad, Ubuntu, Debian) | Upstream | Released (1.9.3 patchlevel 286)
ruby1.9.1 (Launchpad, Ubuntu, Debian) | Upstream | Released (1.9.3 patchlevel 286)

Patches:
Upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37164 (1.9.3 branch)