suse · CVE-2012-4466

Quick triage

Priority: low Published: 2021-05-30 13:06:13 UTC Updated: 2026-04-18 19:08:22 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2012-4466 severity low: SUSE including 10 source package names (ruby-1.8.7.p357-0.9.17.1, ruby-1.8.7.p357-0.9.9.1, …), 12 product×package rows across 3 product lines (SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Server 11 SP4, SUSE Linux Enterprise Software Development Kit 11 SP4): Fixed 12.

Description:

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

cvelogic Threat Intelligence