Add advisory for ruby DL::Function#call issue, fixed in ruby-1.9.1-p129

Open reedloden opened this issue 8 years ago • 1 comments

This was never assigned a CVE / OSVDB identifier (requested here), so it's not tracked at all:

  • DL::Function#call could pass tainted arguments to a C function even if $SAFE > 0. https://github.com/ruby/ruby/commit/7269e3de3cee3bbb6ab77fc708f3a10cab00b65e

I requested one from MITRE, but they had some questions, which [email protected] has yet to respond to: http://seclists.org/oss-sec/2015/q3/222. I just sent them another poke.

@JuanitoFatas, perhaps you can poke somebody to reply to my e-mail? ;)

reedloden, Jan 11 '16 03:01

@unak just replied to my poke, but still lacking the correct info, I think.

reedloden, Jan 11 '16 03:01

Found these possible references:

  • https://www.openwall.com/lists/oss-security/2015/07/28/4
  • https://nvd.nist.gov/vuln/detail/CVE-2013-2065
  • https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065
  • https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2013-2065.yml

jasnow, May 23 '23 22:05

Confirmed CVE-2013-2065 is discussing the DL::Function#call tainting issue.

postmodern, May 23 '23 23:05