7.5

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Version1.8.0
Ruby-langRuby Version1.9.0
Ruby-langRuby Version1.9.2
Ruby-langRuby Version1.9.3
Ruby-langRuby Version2.0.0
Ruby-langRuby Version2.0.0 Updatep195
Ruby-langRuby Version2.0.0 Updatep247
Ruby-langRuby Version2.0.0 Updatep353
Ruby-langRuby Version2.0.0 Updatep481
Ruby-langRuby Version2.0.0 Updatep576
Ruby-langRuby Version2.0.0 Updatep594
Ruby-langRuby Version2.0.0 Updatep598
Ruby-langRuby Version2.0.0 Updatep643
Ruby-langRuby Version2.0.0 Updatep645
Ruby-langRuby Version2.0.0 Updatep647
Ruby-langRuby Version2.1.0
Ruby-langRuby Version2.1.1
Ruby-langRuby Version2.1.2
Ruby-langRuby Version2.1.3
Ruby-langRuby Version2.1.4
Ruby-langRuby Version2.1.5
Ruby-langRuby Version2.1.6
Ruby-langRuby Version2.1.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.77% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 3.9 3.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/76060
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0583
https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
Vendor Advisory
http://seclists.org/oss-sec/2015/q3/222
Patch
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1248935
Patch
Third Party Advisory
VDB Entry
Issue Tracking
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
Patch
Third Party Advisory