An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
References
Link | Resource |
---|---|
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/ | |
https://security.netapp.com/advisory/ntap-20200625-0001/ | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4721 | Third Party Advisory |
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:14
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-05-04 15:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-10933
Mitre link : CVE-2020-10933
CVE.ORG link : CVE-2020-10933
JSON object : View
Products Affected
linux
- linux_kernel
fedoraproject
- fedora
debian
- debian_linux
ruby-lang
- ruby
CWE
CWE-908
Use of Uninitialized Resource