forked from rubysec/ruby-advisory-db
CVE-2016-2337.yml
22 lines (22 loc) · 756 Bytes
---
engine: ruby
cve: 2016-2337
ghsa: f58m-77qc-8gjv
url: https://nvd.nist.gov/vuln/detail/CVE-2016-2337
title: Type confusion exists in _cancel_eval Ruby's TclTkIp class
date: 2017-01-06
description: |
  Type confusion exists in _cancel_eval Ruby's TclTkIp class method.
  Attacker passing different type of object than String as "retval"
  argument can cause arbitrary code execution.
cvss_v3: 9.8
cvss_v4: 7.5
patched_versions:
  - ">= 2.2.8"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2016-2337
    - https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html
    - https://security.gentoo.org/glsa/201710-18
    - http://www.talosintelligence.com/reports/TALOS-2016-0031
    - https://github.com/advisories/GHSA-f58m-77qc-8gjv