ruby-advisory-db
Add advisory for ruby DL::Function#call issue, fixed in ruby-1.9.1-p129
This was never assigned a CVE / OSVDB identifier (requested here), so it's not tracked at all:
- DL::Function#call could pass tainted arguments to a C function even if $SAFE > 0. https://github.com/ruby/ruby/commit/7269e3de3cee3bbb6ab77fc708f3a10cab00b65e
I requested one from MITRE, but they had some questions, which [email protected] has yet to respond to: http://seclists.org/oss-sec/2015/q3/222. I just sent them another poke.
@JuanitoFatas, perhaps you can poke somebody to reply to my e-mail? ;)
@unak just replied to my poke, but still lacking the correct info, I think.
Found these possible references:
- https://www.openwall.com/lists/oss-security/2015/07/28/4
- https://nvd.nist.gov/vuln/detail/CVE-2013-2065
- https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065
- https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2013-2065.yml
Confirmed CVE-2013-2065 is discussing the DL::Function#call tainting issue.