Ruby - (bulletinjan2019)ID: oval:org.secpod.oval:def:2103546 | Date: (C)2019-12-30 (M)2024-05-09 |
Class: PATCH | Family: unix |
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
Product: |
runtime/ruby-23 |
runtime/ruby-23/ruby-tk |