CVE-2013-2065
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 02 Nov 2013, 19:00
Last modified:06 Aug 2024, 15:20
Vulnerability Summary
Overall Risk (default)
medium
36/100 CVSS Score
6.4 MEDIUM
v2.0 (nvd)
EPSS Score
0.68% LOW
1% probability +0.18%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
02 Nov 2013, 19:00
Published
Vulnerability first disclosed
06 Aug 2024, 15:20
Last Modified
Vulnerability information updated
Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS Trends
Current EPSS score: 0.68%• Percentile: 72%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- opensuse•opensuse
12.2 | 12.3
- ruby-lang•ruby
1.9 | 1.9.1 | 1.9.2 | 1.9.3 | 1.9.3:p0 | 1.9.3:p125 | 1.9.3:p194 | 1.9.3:p286 | 1.9.3:p383 | 1.9.3:p385 | 1.9.3:p392 | 2.0 | 2.0.0 | 2.0.0:p0 | 2.0.0:preview1 | 2.0.0:preview2 | 2.0.0:rc1 | 2.0.0:rc2
References (7)
- https://puppet.com/security/cve/cve-2013-2065
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
- http://www.ubuntu.com/usn/USN-2035-1
- https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html