CVE-2015-7551

Description

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.

CVSS Metrics

• v3.0•HIGH•Score: 8.4CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.23%• Percentile: 46%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• apple•mac_os_x

  ≤ 10.11.3

• ruby-lang•ruby

  ≤ 2.0.0-p647 | 2.1.0 | 2.1.1 | 2.1.2 | 2.1.3 | 2.1.4 | 2.1.5 | 2.1.6 | 2.1.7 | 2.2.0 | 2.2.1 | 2.2.2 | 2.2.3

References (11)

• http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
• https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html
• https://support.apple.com/HT206167
• https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344
• https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• https://puppet.com/security/cve/ruby-dec-2015-security-fixes
• https://access.redhat.com/errata/RHSA-2018:0583
• http://www.securityfocus.com/bid/76060