Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-2337

Опубликовано: 06 янв. 2017
Источник: ubuntu
Приоритет: negligible
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

DNE

trusty/esm

DNE

upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1.9.3.484-2ubuntu1.3]]
precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

released

1.9.3.484-2ubuntu1.3
trusty/esm

DNE

trusty was released [1.9.3.484-2ubuntu1.3]
upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

DNE

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.4]]
precise

DNE

precise/esm

DNE

trusty

released

2.0.0.484-1ubuntu2.4
trusty/esm

DNE

trusty was released [2.0.0.484-1ubuntu2.4]
upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

DNE

Показывать по

РелизСтатусПримечание
devel

not-affected

2.3.3-1
esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

2.3.1-2~16.04
precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 74%
0.00805
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-2337

CVSS3: 7
redhat
больше 9 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

nvd логотип

CVE-2016-2337

CVSS3: 9.8
nvd
около 9 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

debian логотип

CVE-2016-2337

CVSS3: 9.8
debian
около 9 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...

github логотип

GHSA-f58m-77qc-8gjv

CVSS3: 9.8
github
больше 3 лет назад

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

fstec логотип

BDU:2017-01651

fstec
около 9 лет назад

Уязвимость метода _cancel_eval класса TclTkIp интерпретатора Ruby, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 74%
0.00805
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Уязвимость CVE-2016-2337