Heap Overflow Vulnerability in Fiddle::Function.new initialize Function of Ruby

Heap Overflow Vulnerability in Fiddle::Function.new initialize Function of Ruby

CVE-2016-2339 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Learn more about our Web Application Penetration Testing UK.