CVE-2009-5147

CVSS v3.0 7.3 (High)

CVSS v2.0 7.5 (High)

EPSS 0.77 % (81^th)

Affected Products 1

Advisories 4

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

Weaknesses

CWE-20: Improper Input Validation

Related CVEs

CVE-2015-7551

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-03-29 14:59:00
(7 years ago)
Updated Date: 2018-03-28 01:29:01
(6 years ago)

Affected Products

Ruby-lang

Ruby

Configuration #1

		CPE23	From	Up To
	Ruby-lang Ruby 1.8.0	cpe:2.3:a:ruby-lang:ruby:1.8.0
	Ruby-lang Ruby 1.9.0	cpe:2.3:a:ruby-lang:ruby:1.9.0
	Ruby-lang Ruby 1.9.2	cpe:2.3:a:ruby-lang:ruby:1.9.2
	Ruby-lang Ruby 1.9.3	cpe:2.3:a:ruby-lang:ruby:1.9.3
	Ruby-lang Ruby 2.0.0	cpe:2.3:a:ruby-lang:ruby:2.0.0
	Ruby-lang Ruby 2.0.0 P195	cpe:2.3:a:ruby-lang:ruby:2.0.0:p195
	Ruby-lang Ruby 2.0.0 P247	cpe:2.3:a:ruby-lang:ruby:2.0.0:p247
	Ruby-lang Ruby 2.0.0 P353	cpe:2.3:a:ruby-lang:ruby:2.0.0:p353
	Ruby-lang Ruby 2.0.0 P481	cpe:2.3:a:ruby-lang:ruby:2.0.0:p481
	Ruby-lang Ruby 2.0.0 P576	cpe:2.3:a:ruby-lang:ruby:2.0.0:p576
	Ruby-lang Ruby 2.0.0 P594	cpe:2.3:a:ruby-lang:ruby:2.0.0:p594
	Ruby-lang Ruby 2.0.0 P598	cpe:2.3:a:ruby-lang:ruby:2.0.0:p598
	Ruby-lang Ruby 2.0.0 P643	cpe:2.3:a:ruby-lang:ruby:2.0.0:p643
	Ruby-lang Ruby 2.0.0 P645	cpe:2.3:a:ruby-lang:ruby:2.0.0:p645
	Ruby-lang Ruby 2.0.0 P647	cpe:2.3:a:ruby-lang:ruby:2.0.0:p647
	Ruby-lang Ruby 2.1.0	cpe:2.3:a:ruby-lang:ruby:2.1.0
	Ruby-lang Ruby 2.1.1	cpe:2.3:a:ruby-lang:ruby:2.1.1
	Ruby-lang Ruby 2.1.2	cpe:2.3:a:ruby-lang:ruby:2.1.2
	Ruby-lang Ruby 2.1.3	cpe:2.3:a:ruby-lang:ruby:2.1.3
	Ruby-lang Ruby 2.1.4	cpe:2.3:a:ruby-lang:ruby:2.1.4
	Ruby-lang Ruby 2.1.5	cpe:2.3:a:ruby-lang:ruby:2.1.5
	Ruby-lang Ruby 2.1.6	cpe:2.3:a:ruby-lang:ruby:2.1.6
	Ruby-lang Ruby 2.1.7	cpe:2.3:a:ruby-lang:ruby:2.1.7