Wind River Support Network

HomeDefectsLIN5-15577
Fixed

LIN5-15577 : Security Advisory - ruby - CVE-2012-4464

Created: May 2, 2013    Updated: Dec 19, 2017
Resolved Date: Aug 21, 2013
Previous ID: LIN3-9118
Found In Version: 5.0
Fix Version: 5.0.1.7
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466.  NOTE: this issue might exist because of a CVE-2011-1005 regression.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4464

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online