CVSS base score: 7.2

CVE-2010-2489

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.

Data is provided by the National Vulnerability Database (NVD)
Ruby-lang Ruby, Version 1.9.0-0 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.0-1 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.0-2 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.0-20060415 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.0-20070709 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-p0 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-p129 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-p243 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-p376 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-p429 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-preview_1 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-preview_2 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-rc1 (Microsoft Windows)
Ruby-lang Ruby, Version 1.9.1 Update-rc2 (Microsoft Windows)
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type: EPSS
Source: FIRST.org
Score: 0.07%
Percentile: 0.184

CVSS Metrics
Source: nvd@nist.gov
Base Score: 7.2
Exploit Score: 3.9
Impact Score: 10
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.