ubuntu · CVE-2016-2339

Quick triage

Priority: low Published: 2017-01-06 00:00:00 UTC Updated: 2025-08-25 21:57:09 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-2339 low priority: Ubuntu including 4 source packages (ruby1.8, ruby1.9.1, ruby2.0, ruby2.3), 24 status rows across 6 suites (precise, trusty, upstream, xenial, yakkety, zesty): DNE 13, needs-triage 4, not-affected 3, ignored 2, released 2.

Description:

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

cvelogic Threat Intelligence