← Back

CVE-2012-4464

nvd nist
Published: Apr 25, 2013Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

Affected (11)

Products: Ruby Lang: Ruby
Ruby Lang
1 product
Ruby
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Ruby Lang
Ruby
Version 1.9.3
Ruby
Version 1.9.3 p0
Ruby
Version 1.9.3 p125
Ruby
Version 1.9.3 p194
Ruby
Version 2.0.0
Ruby
Version 2.0.0 p0
Ruby
Version 2.0.0 preview1
Ruby
Version 2.0.0 preview2
Ruby
Version 2.0.0 rc1
Ruby
Version 2.0.0 rc2
Ruby
Version 2.0

Related CWEs

CWE-264
CWE-264

References (14)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.