Vulnerability CVE-2009-4124: Information

Description

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

Severity: CRITICAL (10.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2009-4124
Published: Dec. 11, 2009
Modified: Aug. 17, 2017
Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
  • Patch
  • Vendor Advisory
60880
    37660
    • Vendor Advisory
    ADV-2009-3471
    • Vendor Advisory
    37278
      ruby-rbstrjustify-bo(54674)

          1. Configuration 1

            cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*
            cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*
            cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*
            cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*
            cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*
            cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*
            cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.3
        Back to top