Bug 1168938 - (CVE-2020-10933) VUL-0: CVE-2020-10933: ruby2.5: Heap exposure vulnerability in the socket library
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Marcus Rückert
Security Team bot
CVSSv3.1:SUSE:CVE-2020-10933:5.3:(AV...
Reported: 2020-04-08 07:14 UTC by Alexandros Toptsoglou
Modified: 2022-07-18 16:05 UTC (History)
Description Alexandros Toptsoglou 2020-04-08 07:14:49 UTC
A heap exposure vulnerability was discovered in the socket library. This vulnerability has been assigned the CVE identifier CVE-2020-10933. We strongly recommend upgrading Ruby.

Details
When BasicSocket#recv_nonblock and BasicSocket#read_nonblock are invoked with size and buffer arguments, they initially resize the buffer to the specified size. In cases where the operation would block, they return without copying any data. Thus, the buffer string will now include arbitrary data from the heap. This may expose possibly sensitive data from the interpreter.

This issue is exploitable only on Linux. This issue has been present since Ruby 2.5.0; the 2.4 series is not vulnerable.

Affected versions
Ruby 2.5 series: 2.5.7 and earlier
Ruby 2.6 series: 2.6.5 and earlier
Ruby 2.7 series: 2.7.0
prior to master revision 61b7f86248bd121be2e83768be71ef289e8e5b90

Credits
Thanks to Samuel Williams for discovering this issue.

History
Originally published at 2020-03-31 15:00:00 (UTC)
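
Added example, not part of the original report or of the Ruby advisory: a self-check that compares the running interpreter against the affected ranges listed above and then observes whether a caller-supplied buffer grows when recv_nonblock or read_nonblock returns without data. The helper names, the use of UNIXSocket.pair and the 4096-byte size are assumptions of this example.

```ruby
require "socket"
require "rubygems" # Gem::Version, used only for version comparison

# Affected release ranges as listed in the report above (inclusive bounds).
AFFECTED_RANGES = [%w[2.5.0 2.5.7], %w[2.6.0 2.6.5], %w[2.7.0 2.7.0]].freeze

# True when a Ruby version string falls inside one of the listed ranges.
def affected_version?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? do |low, high|
    v >= Gem::Version.new(low) && v <= Gem::Version.new(high)
  end
end

# Calls each method on a socket that has nothing to read and records what
# happened to the caller's buffer. Only sizes are recorded, never contents.
def would_block_buffer_report(size = 4096)
  calls = {
    recv_nonblock: ->(sock, buf) { sock.recv_nonblock(size, 0, buf, exception: false) },
    read_nonblock: ->(sock, buf) { sock.read_nonblock(size, buf, exception: false) }
  }
  calls.each_with_object({}) do |(name, call), report|
    reader, writer = UNIXSocket.pair # the peer never writes, so reads would block
    begin
      buf = String.new               # empty, mutable buffer
      result = call.call(reader, buf)
      report[name] = {
        result: result,
        bytesize: buf.bytesize,
        # A buffer that grew although no data arrived is the condition described.
        exposed: result == :wait_readable && buf.bytesize > 0
      }
    ensure
      reader.close
      writer.close
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "RUBY_VERSION #{RUBY_VERSION} in affected range: #{affected_version?(RUBY_VERSION)}"
  would_block_buffer_report.each { |name, r| puts "#{name}: #{r}" }
end
```

The behavioural check is useful where a version string alone is not conclusive, for example a distribution package that carries a backported fix.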
Comment 2 Swamp Workflow Management 2020-04-08 17:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (1168938) was mentioned in
https://build.opensuse.org/request/show/792507 Factory / ruby2.6
Comment 3 Swamp Workflow Management 2020-04-09 11:10:09 UTC
This is an autogenerated message for OBS integration:
This bug (1168938) was mentioned in
https://build.opensuse.org/request/show/792686 Backports:SLE-15-SP2 / ruby2.6
Comment 4 Swamp Workflow Management 2020-04-15 10:19:32 UTC
SUSE-SU-2020:0995-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1167244,1168938
CVE References: CVE-2020-10663,CVE-2020-10933
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    ruby2.5-2.5.8-4.11.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    ruby2.5-2.5.8-4.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2020-05-01 22:36:12 UTC
openSUSE-SU-2020:0586-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1167244,1168938
CVE References: CVE-2020-10663,CVE-2020-10933
Sources used:
openSUSE Leap 15.1 (src):    ruby2.5-2.5.8-lp151.4.9.1
Comment 6 Marcus Meissner 2020-05-12 12:34:58 UTC
ruby2.1 is not affected.

Issue was exploitable since ruby 2.4.