CVE-2016-2338
Last modified
CVE-2016-2338 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. EPSS estimates a 4.64% chance of exploitation in the next 30 days.
Description
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ruby-Lang | Ruby | 2.2.2 |
| Ruby-Lang | Ruby | 2.3.0 |
| Debian | Debian Linux | 8.0 |
References
- http://www.talosintelligence.com/reports/TALOS-2016-0032/Exploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/03/msg00032.htmlMailing List, Third Party Advisory
- https://security.netapp.com/advisory/ntap-20221228-0005/Third Party Advisory
- http://www.talosintelligence.com/reports/TALOS-2016-0032/Exploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/03/msg00032.htmlMailing List, Third Party Advisory
- https://security.netapp.com/advisory/ntap-20221228-0005/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-2338?
How severe is CVE-2016-2338?
How do I fix CVE-2016-2338?
Are you affected by CVE-2016-2338?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST