Bugzilla – Bug 1168938
VUL-0: CVE-2020-10933: ruby2.5: Heap exposure vulnerability in the socket library
Last modified: 2023-04-12 00:40:30 UTC
A heap exposure vulnerability was discovered in the socket library. This vulnerability has been assigned the CVE identifier CVE-2020-10933. We strongly recommend upgrading Ruby. Details When BasicSocket#recv_nonblock and BasicSocket#read_nonblock are invoked with size and buffer arguments, they initially resize the buffer to the specified size. In cases where the operation would block, they return without copying any data. Thus, the buffer string will now include arbitrary data from the heap. This may expose possibly sensitive data from the interpreter. This issue is exploitable only on Linux. This issue had been since Ruby 2.5.0; 2.4 series is not vulnerable. Affected versions Ruby 2.5 series: 2.5.7 and earlier Ruby 2.6 series: 2.6.5 and earlier Ruby 2.7 series: 2.7.0 prior to master revision 61b7f86248bd121be2e83768be71ef289e8e5b90 Credits Thanks to Samuel Williams for discovering this issue. History Originally published at 2020-03-31 15:00:00 (UTC)
This is an autogenerated message for OBS integration: This bug (1168938) was mentioned in https://build.opensuse.org/request/show/792507 Factory / ruby2.6
This is an autogenerated message for OBS integration: This bug (1168938) was mentioned in https://build.opensuse.org/request/show/792686 Backports:SLE-15-SP2 / ruby2.6
SUSE-SU-2020:0995-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1167244,1168938 CVE References: CVE-2020-10663,CVE-2020-10933 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): ruby2.5-2.5.8-4.11.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): ruby2.5-2.5.8-4.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:0586-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1167244,1168938 CVE References: CVE-2020-10663,CVE-2020-10933 Sources used: openSUSE Leap 15.1 (src): ruby2.5-2.5.8-lp151.4.9.1
ruby2.1 is not affected. Issue was exploitable since ruby 2.4.