Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby 基于堆的缓冲区溢出漏洞
Vulnerability Description
Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。 Ruby中存在基于堆的缓冲区溢出漏洞,该漏洞源于当字符串转换成浮点型时存在错误。攻击者可利用该漏洞造成拒绝服务,也可能执行任意代码。以下版本受到影响:Ruby 1.8版本,1.9.3-p484之前的1.9版本,2.0.0-p353之前的2.0版本,2.1.0 preview2之前的2.1版本,trunk版本43780之前所有的Ruby。
CVSS Information
N/A
Vulnerability Type
N/A