ALPINE-CVE-2020-10933

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2020-10933

Published: 04 May 2020, 15:15

Last modified:03 Dec 2025, 22:45

Vulnerability Summary

Overall Risk (default)

low

21/100

CVSS Score

5.3 MEDIUM

3.1 (osv_alpine)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 May 2020, 15:15

Published

Vulnerability first disclosed

03 Dec 2025, 22:45

Last Modified

Vulnerability information updated

Description

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

CVSS Metrics

v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Systems

alpine•ruby
< 2.5.8-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.6.6-r0 | < 2.5.8-r0 | < 2.5.8-r0

References (1)

https://security.alpinelinux.org/vuln/CVE-2020-10933