CVE-2016-2339

NameCVE-2016-2339
DescriptionAn exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1421-1
Debian Bugs851161

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby2.1 (PTS)jessie, jessie (lts)2.1.5-2+deb8u14fixed
ruby2.3 (PTS)stretch (security)2.3.3-1+deb9u11fixed
stretch (lts), stretch2.3.3-1+deb9u12fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby2.1sourcejessie2.1.5-2+deb8u4DLA-1421-1
ruby2.1source(unstable)(unfixed)851161
ruby2.3source(unstable)2.3.0-1

Notes

http://www.talosintelligence.com/reports/TALOS-2016-0034/
Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
Search for package or bug name: Reporting problems