CVE-2009-5147

Опубликовано: 29 мар. 2017

Источник: nvd

CVSS3: 7.3

CVSS2: 7.5

EPSS Средний

Описание

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

Ссылки

http://seclists.org/oss-sec/2015/q3/222
Patch
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/76060
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0583
https://bugzilla.redhat.com/show_bug.cgi?id=1248935
Issue Tracking
Patch
Third Party Advisory
VDB Entry
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
Patch
Third Party Advisory
https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
Vendor Advisory
http://seclists.org/oss-sec/2015/q3/222
Patch
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/76060
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0583
https://bugzilla.redhat.com/show_bug.cgi?id=1248935
Issue Tracking
Patch
Third Party Advisory
VDB Entry
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
Patch
Third Party Advisory
https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p645:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:p647:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.52002

Средний

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2009-5147

CVSS3: 7.3

ubuntu

больше 8 лет назад

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

CVE-2009-5147

redhat

больше 16 лет назад

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

CVE-2009-5147

CVSS3: 7.3

debian

больше 8 лет назад

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 6 ...

GHSA-mmq8-m72q-qgm4

CVSS3: 7.3

github

больше 3 лет назад

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

EPSS

Процентиль: 98%

0.52002

Средний

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20