← back
CVE-2016-2339

CVE-2016-2339

EPSS 5.1%
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Affected products
Ruby · Ruby

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.htmlhttp://www.securityfocus.com/bid/91234http://www.talosintelligence.com/reports/TALOS-2016-0034/