UBUNTU-CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

References

Affected packages

Ubuntu:14.04:LTS / ruby1.9.1

Package

Name: ruby1.9.1
Purl: pkg:deb/ubuntu/ruby1.9.1@1.9.3.484-2ubuntu1.3?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.3.484-2ubuntu1.3

Affected versions

1.*

1.9.3.194-8.1ubuntu2

1.9.3.448-1ubuntu1

1.9.3.448-1ubuntu2

1.9.3.484-1ubuntu1

1.9.3.484-1ubuntu2

1.9.3.484-2ubuntu1

1.9.3.484-2ubuntu1.1

1.9.3.484-2ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libruby1.9.1",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        },
        {
            "binary_name": "libtcltk-ruby1.9.1",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        },
        {
            "binary_name": "ri1.9.1",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        },
        {
            "binary_name": "ruby1.9.1",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        },
        {
            "binary_name": "ruby1.9.1-dev",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        },
        {
            "binary_name": "ruby1.9.1-examples",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        },
        {
            "binary_name": "ruby1.9.1-full",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        },
        {
            "binary_name": "ruby1.9.3",
            "binary_version": "1.9.3.484-2ubuntu1.3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-2339.json"

Ubuntu:14.04:LTS / ruby2.0

Package

Name: ruby2.0
Purl: pkg:deb/ubuntu/ruby2.0@2.0.0.484-1ubuntu2.4?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0.484-1ubuntu2.4

Affected versions

2.*

2.0.0.299-2

2.0.0.343-1

2.0.0.343-1ubuntu1

2.0.0.353-1

2.0.0.353-1ubuntu1

2.0.0.484-1ubuntu1

2.0.0.484-1ubuntu2

2.0.0.484-1ubuntu2.1

2.0.0.484-1ubuntu2.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libruby2.0",
            "binary_version": "2.0.0.484-1ubuntu2.4"
        },
        {
            "binary_name": "ruby2.0",
            "binary_version": "2.0.0.484-1ubuntu2.4"
        },
        {
            "binary_name": "ruby2.0-dev",
            "binary_version": "2.0.0.484-1ubuntu2.4"
        },
        {
            "binary_name": "ruby2.0-tcltk",
            "binary_version": "2.0.0.484-1ubuntu2.4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-2339.json"