CVE-2016-2337

Опубликовано: 14 июн. 2016

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
CloudForms Management Engine 5	rh-ruby22-ruby	Will not fix
CloudForms Management Engine 5	ruby-200-ruby	Will not fix
Red Hat Enterprise Linux 5	ruby	Will not fix
Red Hat Enterprise Linux 6	ruby	Will not fix
Red Hat Enterprise Linux 7	ruby	Will not fix
Red Hat Software Collections	rh-ruby22-ruby	Will not fix
Red Hat Software Collections	rh-ruby23-ruby	Will not fix
Red Hat Software Collections	ruby200-ruby	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-843

https://bugzilla.redhat.com/show_bug.cgi?id=1412680ruby: TclTkIp ip_cancel_eval type confusion vulnerability

EPSS

Процентиль: 74%

0.00805

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2016-2337

CVSS3: 9.8

ubuntu

около 9 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

CVE-2016-2337

CVSS3: 9.8

nvd

около 9 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

CVE-2016-2337

CVSS3: 9.8

debian

около 9 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...

GHSA-f58m-77qc-8gjv

CVSS3: 9.8

github

больше 3 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

BDU:2017-01651

fstec

около 9 лет назад

Уязвимость метода _cancel_eval класса TclTkIp интерпретатора Ruby, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 74%

0.00805

Низкий

7 High

CVSS3