CVE-2016-2338
Published: 29 September 2022
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ruby-psych Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(2.2.4-6build4)
|
| eoan |
Not vulnerable
(3.1.0-1build6)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
ruby1.9.1 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
ruby2.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
ruby2.3 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(2.3.1-2~ubuntu16.04.14)
|
|
| eoan |
Does not exist
|
|
|
Patches: upstream: https://git.ruby-lang.org/ruby.git/commit/?id=db48c307944a9a18877236bdf9e9b778875f38ed |
||
|
ruby2.5 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(2.5.1-1ubuntu1.6)
|
| eoan |
Not vulnerable
(2.5.5-4ubuntu2.1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
Patches: upstream: https://git.ruby-lang.org/ruby.git/commit/?id=db48c307944a9a18877236bdf9e9b778875f38ed |
||
|
ruby2.7 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |