CVE-2012-4481

Published: 5/2/2013 Last updated: 8/6/2024 Reserved: 8/21/2012

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

conf-ruby

Products affected (1)

Product	Vendor	Version
n/a	n/a	eff883c442f1805faa24a44e645413d9c9d3d95e6e0bb5c227124f7eac8187b6

References (12)

http://rhn.redhat.com/errata/RHSA-2013-0612.html
http://www.openwall.com/lists/oss-security/2012/10/05/4
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
http://rhn.redhat.com/errata/RHSA-2013-0129.html
https://bugzilla.redhat.com/show_bug.cgi?id=863484
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
http://rhn.redhat.com/errata/RHSA-2013-0612.html
http://www.openwall.com/lists/oss-security/2012/10/05/4
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
http://rhn.redhat.com/errata/RHSA-2013-0129.html
https://bugzilla.redhat.com/show_bug.cgi?id=863484
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294