Ruby Floating Point Parsing Heap Buffer Overflow Vulnerability

Ruby is prone to a heap-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input when parsing floating point values.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application.

The following versions are vulnerable:

Ruby 1.8
Ruby 1.9 prior to 1.9.3-p484
Ruby 2.0 prior to 2.0.0-p353
Ruby 2.1 prior to 2.1.0 preview2
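The version ranges above, turned into a check an administrator can run against an installed interpreter. This is an added example, not code from SecurityFocus or the Ruby project; it assumes version strings in the form "MAJOR.MINOR.TEENY-pNNN" or "MAJOR.MINOR.TEENY-previewN", and the stage ordering (preview, rc, release) is an assumption of this example.

```ruby
# Added example: decide whether a Ruby version string falls inside the
# vulnerable ranges listed in this advisory (not part of the original page).
module RubyFloatParseAdvisory
  # Stage ordering is an assumption of this example: preview < rc < release.
  STAGE = { "preview" => 0, "rc" => 1 }.freeze
  RELEASE = 2

  # series => first fixed version as [major, minor, teeny, stage, number],
  # or nil when every release of the series is affected (Ruby 1.8).
  FIXED = {
    [1, 8] => nil,
    [1, 9] => [1, 9, 3, RELEASE, 484],   # fixed in 1.9.3-p484
    [2, 0] => [2, 0, 0, RELEASE, 353],   # fixed in 2.0.0-p353
    [2, 1] => [2, 1, 0, STAGE["preview"], 2], # fixed in 2.1.0 preview2
  }.freeze

  VERSION_RE = /\A(\d+)\.(\d+)(?:\.(\d+))?(?:-?(?:p(\d+)|(preview|rc)(\d+)))?\z/

  # Parse "1.9.3-p484" / "2.1.0-preview2" / "2.0.0" into a comparable array.
  def self.parse(str)
    m = VERSION_RE.match(str.strip) or raise ArgumentError, "unrecognised version: #{str.inspect}"
    major, minor, teeny = m[1].to_i, m[2].to_i, (m[3] || 0).to_i
    if m[5]                                   # preview/rc build
      [major, minor, teeny, STAGE[m[5]], m[6].to_i]
    else                                      # release; missing patchlevel treated as p0
      [major, minor, teeny, RELEASE, (m[4] || 0).to_i]
    end
  end

  # true when the version is inside a range this advisory lists as affected;
  # false for fixed versions and for series the advisory does not mention.
  def self.vulnerable?(str)
    v = parse(str)
    return false unless FIXED.key?(v[0, 2])
    fixed = FIXED[v[0, 2]]
    return true if fixed.nil?
    (v <=> fixed) < 0
  end

  # Version string of the running interpreter. RUBY_PATCHLEVEL is -1 on
  # preview/dev builds and cannot tell preview1 from preview2, so such builds
  # are reported as "previewN" with N = 0 (conservative: flagged as affected).
  def self.running_ruby
    RUBY_PATCHLEVEL >= 0 ? "#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}" : "#{RUBY_VERSION}-preview0"
  end
end

if __FILE__ == $0
  v = RubyFloatParseAdvisory.running_ruby
  puts "#{v}: #{RubyFloatParseAdvisory.vulnerable?(v) ? 'AFFECTED' : 'not listed as affected'}"
end
```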

Copyright 2010, SecurityFocus