CVE-2009-4124 - OpenCVE

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ruby-lang	Ruby

Configuration 1 [-]

OR	cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2::::::

References

Link	Resource
http://secunia.com/advisories/37660	Vendor Advisory
http://www.osvdb.org/60880
http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/	Patch Vendor Advisory
http://www.securityfocus.com/bid/37278
http://www.vupen.com/english/advisories/2009/3471	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54674

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-12-11T16:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-11-30T00:00:00

Link: CVE-2009-4124

JSON object: View

NVD Information

Status : Modified

Published: 2009-12-11T16:30:00.267

Modified: 2017-08-17T01:31:27.287

Link: CVE-2009-4124

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "60880", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/60880"}, {"name": "ruby-rbstrjustify-bo(54674)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/"}, {"name": "ADV-2009-3471", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3471"}, {"name": "37278", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37278"}, {"name": "37660", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37660"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4124", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "60880", "refsource": "OSVDB", "url": "http://www.osvdb.org/60880"}, {"name": "ruby-rbstrjustify-bo(54674)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674"}, {"name": "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/", "refsource": "CONFIRM", "url": "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/"}, {"name": "ADV-2009-3471", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3471"}, {"name": "37278", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37278"}, {"name": "37660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37660"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4124", "datePublished": "2009-12-11T16:00:00", "dateReserved": "2009-11-30T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*", "matchCriteriaId": "470CF526-96F6-4DD1-B687-17106051A6D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*", "matchCriteriaId": "52159D9F-8CD3-4103-82E6-BDE035BA3625", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*", "matchCriteriaId": "EC0FD3F8-73A3-4518-8892-1E34D709FB89", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*", "matchCriteriaId": "A7E15263-74D3-42D4-B37C-C649F68EDECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*", "matchCriteriaId": "BA7FEA9B-06CE-4D08-9D61-2526ED5AE630", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*", "matchCriteriaId": "0D7F7EA5-7F6C-4C15-AB97-024836DC4862", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*", "matchCriteriaId": "236B38D1-0CCA-43C5-B2FC-1224F4F4E165", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Desbordamiento del b\u00fafer de la memoria din\u00e1mica en la funci\u00f3n rb_str_justify en string.c en Ruby v1.9.1 en versiones anteriores a v1.9.1-p376 atacantes dependientes del contexto podr\u00edan ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar que incluyen (1) String#ljust, (2) String#center, o (3) String#rjust. NOTA: Algunos de los detalles han sido obtenidos de terceros."}], "id": "CVE-2009-4124", "lastModified": "2017-08-17T01:31:27.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-12-11T16:30:00.267", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37660"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/60880"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37278"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3471"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}