vulnerability
Amazon Linux AMI 2: CVE-2020-10933: Security patch for ruby (ALASRUBY2.6-2023-007)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | May 4, 2020 | Sep 28, 2023 | Nov 26, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
May 4, 2020
Added
Sep 28, 2023
Modified
Nov 26, 2024
Description
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Solution(s)
amazon-linux-ami-2-upgrade-rubyamazon-linux-ami-2-upgrade-ruby-debuginfoamazon-linux-ami-2-upgrade-ruby-develamazon-linux-ami-2-upgrade-ruby-docamazon-linux-ami-2-upgrade-ruby-libsamazon-linux-ami-2-upgrade-rubygem-bigdecimalamazon-linux-ami-2-upgrade-rubygem-bundleramazon-linux-ami-2-upgrade-rubygem-did_you_meanamazon-linux-ami-2-upgrade-rubygem-io-consoleamazon-linux-ami-2-upgrade-rubygem-irbamazon-linux-ami-2-upgrade-rubygem-jsonamazon-linux-ami-2-upgrade-rubygem-minitestamazon-linux-ami-2-upgrade-rubygem-net-telnetamazon-linux-ami-2-upgrade-rubygem-opensslamazon-linux-ami-2-upgrade-rubygem-power_assertamazon-linux-ami-2-upgrade-rubygem-psychamazon-linux-ami-2-upgrade-rubygem-rakeamazon-linux-ami-2-upgrade-rubygem-rdocamazon-linux-ami-2-upgrade-rubygem-test-unitamazon-linux-ami-2-upgrade-rubygem-xmlrpcamazon-linux-ami-2-upgrade-rubygemsamazon-linux-ami-2-upgrade-rubygems-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.