CVE-2016-2338
CVE-2016-2338
9.8
CriticalPublished:
Last updated:
Source:cret@cert.org
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
References
af854a3a-2127-422b-91ae-364da2661108
http://www.talosintelligence.com/reports/TALOS-2016-0032/af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2020/03/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20221228-0005/