CVE-2016-2338

high-risk

Published 2022-09-29

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.

Do I need to act?

13.5% chance of exploitation in next 30 days

EPSS score — higher than 87% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Ruby

Debian Linux

Affected Vendors

Debian Ruby-Lang

References (6)

Exploit http://www.talosintelligence.com/reports/TALOS-2016-0032/

Mailing List https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20221228-0005/

Exploit http://www.talosintelligence.com/reports/TALOS-2016-0032/

Mailing List https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20221228-0005/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 12/34 · Low

Exposure 9/34 · Low