Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

Published

2020-05-04T15:15:13.963

Last Modified

2024-11-21T04:56:23.987

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-908

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruby-lang	ruby	≤ 2.5.7	Yes
Application	ruby-lang	ruby	≤ 2.6.5	Yes
Application	ruby-lang	ruby	2.7.0	Yes
Operating System	linux	linux_kernel	-	No
Operating System	fedoraproject	fedora	31	Yes
Operating System	debian	debian_linux	10.0	Yes

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/ ([email protected])
https://security.netapp.com/advisory/ntap-20200625-0001/ Third Party Advisory ([email protected])
https://www.debian.org/security/2020/dsa-4721 Third Party Advisory ([email protected])
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ Exploit, Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20200625-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4721 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)