BIT-ruby-2020-10933

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/ruby/BIT-ruby-2020-10933.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-ruby-2020-10933
Aliases
Published
2024-03-06T11:06:11.096Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#readnonblock(requestedsize, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

References

Affected packages

Bitnami / ruby

Package

Name
ruby
Purl
pkg:bitnami/ruby

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.5.0
Fixed
2.5.7
Introduced
2.6.0
Fixed
2.6.5
Type
SEMVER
Events
Introduced
2.7.0
Last affected
2.7.0