[FREEBSD:3DECC87D-2498-11E2-B0C7-000D601460A4] ruby -- Unintentional file creation caused by inserting an illegal NUL character
- Severity
- Medium
- Affected Packages
- 1
- CVEs
- 1
The official ruby site reports:
A vulnerability was found that file creation routines can create
unintended files by strategically inserting NUL(s) in file paths.
This vulnerability has been reported as CVE-2012-4522.
Ruby can handle arbitrary binary patterns as Strings, including
NUL chars. On the other hand, OSes and other libraries tend not to.
They usually treat a NUL as an End of String mark. So to interface
them with Ruby, NUL chars should properly be avoided.
However, methods like IO#open did not check the filename passed to
them, and just passed those strings to lower layer routines. This
led to the creation of unintentional files.
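The following Ruby script is an added illustration of the bug class described above; it is not code from the advisory, from ruby-lang.org, or from Ruby's own sources. It shows why a string check in Ruby does not protect a path that a C routine will truncate at the first NUL, shows the input check an application should perform before a user-supplied name reaches the filesystem, and confirms that File.open in a patched Ruby (1.9.3-p286 and later) refuses such a path. The helper names (`c_visible_name`, `naive_log_path`, `safe_log_path`, `open_rejects_nul?`), the `.log` extension scheme and the attacker string `"evil.rb\0"` are assumptions made for the example.

```ruby
# Added example, not code from the advisory or from Ruby itself.
# Illustrates the NUL-byte filename problem behind CVE-2012-4522 and the
# input check an application should perform regardless of Ruby version.
require "tmpdir"

# Hypothetical helper: models what the C layer (open(2)) sees when handed a
# Ruby String that contains NUL. C strings end at the first NUL, so the
# tail of the Ruby string silently disappears.
def c_visible_name(ruby_string)
  ruby_string.split("\0", 2).first.to_s
end

# Vulnerable pattern: a fixed extension is appended and then "verified"
# with a string check. Ruby strings may contain NUL, so the check passes
# even though the OS would never see the appended ".log".
def naive_log_path(dir, user_name)
  path = "#{dir}/#{user_name}.log"
  raise ArgumentError, "only .log files allowed" unless path.end_with?(".log")
  path
end

# Hardened pattern: reject NUL (and anything else that has no business in
# a single path component) before the string reaches the filesystem.
def safe_log_path(dir, user_name)
  raise ArgumentError, "NUL byte in filename" if user_name.include?("\0")
  unless user_name =~ /\A[A-Za-z0-9_-]+\z/
    raise ArgumentError, "filename may only contain [A-Za-z0-9_-]"
  end
  "#{dir}/#{user_name}.log"
end

# Returns true when File.open refuses the NUL-containing path, which is the
# behaviour of Ruby 1.9.3-p286 and later. Unpatched releases passed the
# string through and the C layer created c_visible_name(path) instead.
def open_rejects_nul?(dir)
  path = naive_log_path(dir, "evil.rb\0")
  begin
    File.open(path, "w") { |f| f.write("x") }
    false
  rescue ArgumentError
    true
  end
end

if __FILE__ == $0
  Dir.mktmpdir do |dir|
    attacker = "evil.rb\0"                 # constructed attacker input
    path = naive_log_path(dir, attacker)
    puts "Ruby string:       #{path.inspect}"
    puts "C layer would see: #{c_visible_name(path)}"
    puts "File.open rejects: #{open_rejects_nul?(dir)}"
    puts "Files created:     #{(Dir.entries(dir) - %w[. ..]).inspect}"
    begin
      safe_log_path(dir, attacker)
    rescue ArgumentError => e
      puts "safe_log_path:     #{e.message}"
    end
  end
end
```

On a patched Ruby the script reports that File.open raised ArgumentError and that no file was created in the temporary directory; the point of `safe_log_path` is that the application should not rely on that interpreter-level check alone, since the same string may be handed to other libraries or to a shell.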
Package | Affected Version |
---|---|
pkg:freebsd/ruby | > 1.9.3,1, < 1.9.3.286,1 |
- ID
- FREEBSD:3DECC87D-2498-11E2-B0C7-000D601460A4
- Severity
- medium
- Severity from
- CVE-2012-4522
- URL
- http://vuxml.freebsd.org/freebsd/3decc87d-2498-11e2-b0c7-000d601460a4.html
- Published
- 2012-10-12T00:00:00
- Modified
- 2012-11-01T00:00:00
- Rights
- FreeBSD VuXML Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/ |
FreeBSD VuXML | | | https://access.redhat.com/security/cve/CVE-2012-4522/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/ruby | freebsd | ruby | > 1.9.3,1 < 1.9.3.286,1 | FreeBSD | | 1.9.3.286,1 |