CVE-2008-3657

Exploit

EPSS 39.22%
Published 13.08.2008 01:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

Affected products Warnungen 0 Metrics 2 CWE 1 References 33

Data is provided by the National Vulnerability Database (NVD)

Ruby-lang ≫ Ruby Version <= 1.8.5

Ruby-lang ≫ Ruby Version1.6.8

Ruby-lang ≫ Ruby Version1.8.0

Ruby-lang ≫ Ruby Version1.8.1

Ruby-lang ≫ Ruby Version1.8.1 Update-9

Ruby-lang ≫ Ruby Version1.8.2

Ruby-lang ≫ Ruby Version1.8.2 Updatepreview2

Ruby-lang ≫ Ruby Version1.8.2 Updatepreview3

Ruby-lang ≫ Ruby Version1.8.2 Updatepreview4

Ruby-lang ≫ Ruby Version1.8.3

Ruby-lang ≫ Ruby Version1.8.3 Updatepreview1

Ruby-lang ≫ Ruby Version1.8.3 Updatepreview2

Ruby-lang ≫ Ruby Version1.8.3 Updatepreview3

Ruby-lang ≫ Ruby Version1.8.4

Ruby-lang ≫ Ruby Version1.8.4 Updatepreview1

Ruby-lang ≫ Ruby Version1.8.4 Updatepreview2

Ruby-lang ≫ Ruby Version1.8.4 Updatepreview3

Ruby-lang ≫ Ruby Version1.8.5 Updatep11

Ruby-lang ≫ Ruby Version1.8.5 Updatep113

Ruby-lang ≫ Ruby Version1.8.5 Updatep115

Ruby-lang ≫ Ruby Version1.8.5 Updatep12

Ruby-lang ≫ Ruby Version1.8.5 Updatep2

Ruby-lang ≫ Ruby Version1.8.5 Updatep35

Ruby-lang ≫ Ruby Version1.8.5 Updatepreview1

Ruby-lang ≫ Ruby Version1.8.5 Updatepreview2

Ruby-lang ≫ Ruby Version1.8.5 Updatepreview3

Ruby-lang ≫ Ruby Version1.8.5 Updatepreview4

Ruby-lang ≫ Ruby Version1.8.5 Updatepreview5

Ruby-lang ≫ Ruby Version1.8.6

Ruby-lang ≫ Ruby Version1.8.6 Updatep110

Ruby-lang ≫ Ruby Version1.8.6 Updatep114

Ruby-lang ≫ Ruby Version1.8.6 Updatepreview1

Ruby-lang ≫ Ruby Version1.8.6 Updatepreview2

Ruby-lang ≫ Ruby Version1.8.6 Updatepreview3

Ruby-lang ≫ Ruby Version1.8.7

Ruby-lang ≫ Ruby Version1.8.7 Updatep17

Ruby-lang ≫ Ruby Version1.8.7 Updatep22

Ruby-lang ≫ Ruby Version1.8.7 Updatep71

Ruby-lang ≫ Ruby Version1.8.7 Updatepreview1

Ruby-lang ≫ Ruby Version1.8.7 Updatepreview2

Ruby-lang ≫ Ruby Version1.8.7 Updatepreview3

Ruby-lang ≫ Ruby Version1.8.7 Updatepreview4

Ruby-lang ≫ Ruby Version1.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	39.22%	0.972

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://secunia.com/advisories/35074

Vendor Advisory

http://support.apple.com/kb/HT3549

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/1297

Vendor Advisory

http://secunia.com/advisories/32371

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0897.html

http://secunia.com/advisories/33178