Heap Overflow Vulnerability in Ruby's Psych::Emitter Function
CVE-2016-2338

9.8CRITICAL

Key Information:

Vendor: Ruby-lang
Status: Ruby
Vendor: CVE Published:; 29 September 2022

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2016-2338?

A heap overflow vulnerability has been identified in the Psych::Emitter start_document function of Ruby. This issue arises due to improper allocation of the heap buffer 'head' based on the length of the tags array. Attackers can exploit this flaw by crafting specially designed objects that increase the size of the tags array after the allocation, leading to potential heap overflow and arbitrary code execution. It's crucial for users and organizations utilizing affected Ruby versions to apply security patches promptly to mitigate risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2016-2338-nday
Created by SpiralBL0CK

References

https://lists.debian.org/debian-lts-announce/2020/03/msg0...

mailing-list

http://www.talosintelligence.com/reports/TALOS-2016-0032/

https://security.netapp.com/advisory/ntap-20221228-0005/

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Dec 19, 2022
👾
Exploit known to exist
Dec 19, 2022
Vulnerability published
Sep 29, 2022
Vulnerability Reserved
Feb 12, 2016

Ruby-lang

Badges

What is CVE-2016-2338?

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline