7.5

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

Data is provided by the National Vulnerability Database (NVD)
Ruby-lang Ruby Version 1.8.0
Ruby-lang Ruby Version 1.9.0
Ruby-lang Ruby Version 1.9.2
Ruby-lang Ruby Version 1.9.3
Ruby-lang Ruby Version 2.0.0
Ruby-lang Ruby Version 2.0.0 Update p195
Ruby-lang Ruby Version 2.0.0 Update p247
Ruby-lang Ruby Version 2.0.0 Update p353
Ruby-lang Ruby Version 2.0.0 Update p481
Ruby-lang Ruby Version 2.0.0 Update p576
Ruby-lang Ruby Version 2.0.0 Update p594
Ruby-lang Ruby Version 2.0.0 Update p598
Ruby-lang Ruby Version 2.0.0 Update p643
Ruby-lang Ruby Version 2.0.0 Update p645
Ruby-lang Ruby Version 2.0.0 Update p647
Ruby-lang Ruby Version 2.1.0
Ruby-lang Ruby Version 2.1.1
Ruby-lang Ruby Version 2.1.2
Ruby-lang Ruby Version 2.1.3
Ruby-lang Ruby Version 2.1.4
Ruby-lang Ruby Version 2.1.5
Ruby-lang Ruby Version 2.1.6
Ruby-lang Ruby Version 2.1.7
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 45.49% | 0.975
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.3 | 3.9 | 3.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.