Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability - CVE-2016-2339 - Vulnerability Database
Ruby

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability - CVE-2016-2339

Critical
Reference: CVE-2016-2339
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-2339
Title: Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
Overview:

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new quotinitializequot function functionality of Ruby. In Fiddle::Function.new quotinitializequot heap buffer quotarg_typesquot allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.