CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2009-4124

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile1.07th
Published2009年12月11日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Ruby Lang

Ruby

= 1.9.1
📦
Ruby Lang

Ruby

= 1.9.1
📦
Ruby Lang

Ruby

= 1.9.1
📦
Ruby Lang

Ruby

= 1.9.1
📦
Ruby Lang

Ruby

= 1.9.1
📦
Ruby Lang

Ruby

= 1.9.1
📦
Ruby Lang

Ruby

= 1.9.1

References & Advisories

🔗 http://secunia.com/advisories/37660
🔗 http://www.osvdb.org/60880
🔗 http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
🔗 http://www.securityfocus.com/bid/37278
🔗 http://www.vupen.com/english/advisories/2009/3471
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/54674
🔗 http://secunia.com/advisories/37660
🔗 http://www.osvdb.org/60880

相關漏洞威脅

CVE-2008-266310.0

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p23...

CVE-2010-311910.0

Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to c...

CVE-2008-266210.0

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8....

CVE-2013-027710.0

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute a...