SecuritySpace - CVE-2016-2339

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-2339

Description: An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Test IDs: 1.3.6.1.4.1.25623.1.0.891421

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-2339
BugTraq ID: 91234
http://www.securityfocus.com/bid/91234
http://www.talosintelligence.com/reports/TALOS-2016-0034/
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

CVE ID:	CVE-2016-2339
Description:	An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
Test IDs:	1.3.6.1.4.1.25623.1.0.891421
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2339 BugTraq ID: 91234 http://www.securityfocus.com/bid/91234 http://www.talosintelligence.com/reports/TALOS-2016-0034/ https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html