CVE-2016-2339 - OpenCVE

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ruby-lang	Ruby

Configuration 1 [-]

OR	cpe:2.3:a:ruby-lang:ruby:2.2.2:::::::*
	cpe:2.3:a:ruby-lang:ruby:2.3.0:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/91234
http://www.talosintelligence.com/reports/TALOS-2016-0034/	Exploit Technical Description Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-01-06T21:00:00

Updated: 2018-07-14T09:57:01

Reserved: 2016-02-12T00:00:00

Link: CVE-2016-2339

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-06T21:59:00.493

Modified: 2018-07-15T01:29:00.413

Link: CVE-2016-2339

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "Ruby", "vendor": "Ruby", "versions": [{"status": "affected", "version": "2.3.0 dev"}, {"status": "affected", "version": "2.2.2"}]}], "datePublic": "2016-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow."}], "problemTypes": [{"descriptions": [{"description": "heap overflow vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-14T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"name": "91234", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91234"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0034/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2339", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ruby", "version": {"version_data": [{"version_value": "2.3.0 dev"}, {"version_value": "2.2.2"}]}}]}, "vendor_name": "Ruby"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "heap overflow vulnerability"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}, {"name": "91234", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91234"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0034/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0034/"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2339", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2018-07-14T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCCD8F3-E667-42F2-9861-14EDFB16583A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "822307DD-7F7D-44C2-9C4B-CB8704663410", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de desbordamiento de memoria din\u00e1mica en la funcionalidad Fiddle::Function.new \"initialize\" de Ruby. En Fiddle::Function.new \"initialize\" la ubicaci\u00f3n \"arg_types\" de la memoria din\u00e1mica del b\u00fafer se hace en base a la longitud de los args array. Un objeto especialmente construido pasado como un elemento de los args array puede incrementar el tama\u00f1o de este array despu\u00e9s de haber mencionado la ubicaci\u00f3n y provocar desbordamiento de memoria din\u00e1mica."}], "id": "CVE-2016-2339", "lastModified": "2018-07-15T01:29:00.413", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-06T21:59:00.493", "references": [{"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/91234"}, {"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0034/"}, {"source": "cret@cert.org", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}