FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- heap overflow vulnerability

Affected packages
1.9.1,1 <= ruby < 1.9.1.376,1

Details

VuXML ID eab8c3bd-e50c-11de-9cd0-001a926c7637
Discovery 2009-11-30
Entry 2009-12-09

The official Ruby site reports:

There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.

References

CVE Name CVE-2009-4124
URL http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/