CVE-2012-4464

CVSS v2.0 5 (Medium)

EPSS 0.30 % (70^th)

Affected Products 1

Advisories 11

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

Related CVEs

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-04-25 23:55:01
(11 years ago)
Updated Date: 2013-08-27 03:27:05
(11 years ago)

Affected Products

Ruby-lang

Ruby

Configuration #1

		CPE23	From	Up To
	Ruby-lang Ruby 1.9.3	cpe:2.3:a:ruby-lang:ruby:1.9.3
	Ruby-lang Ruby 1.9.3 P0	cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
	Ruby-lang Ruby 1.9.3 P125	cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
	Ruby-lang Ruby 1.9.3 P194	cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
	Ruby-lang Ruby 2.0	cpe:2.3:a:ruby-lang:ruby:2.0
	Ruby-lang Ruby 2.0.0	cpe:2.3:a:ruby-lang:ruby:2.0.0
	Ruby-lang Ruby 2.0.0 P0	cpe:2.3:a:ruby-lang:ruby:2.0.0:p0
	Ruby-lang Ruby 2.0.0 Preview1	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1
	Ruby-lang Ruby 2.0.0 Preview2	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2
	Ruby-lang Ruby 2.0.0 Rc1	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
	Ruby-lang Ruby 2.0.0 Rc2	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2