[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-4124

Date: (C)2009-12-11   (M)2017-11-18 


Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

CVSS Score: 10.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
BID-37278
SECUNIA-37660
OSVDB-60880
ADV-2009-3471
http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
ruby-rbstrjustify-bo(54674)

CWE    1
CWE-119
OVAL    1
oval:org.secpod.oval:def:700195

© 2013 SecPod Technologies