CVE-2009-4124

Ruby 1.9.1 - Heap-Based Buffer Overflow in String Justification Functions

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/60880
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54674
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3471
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37278
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37660

Scores

EPSS 0.0387
EPSS Percentile 89.0%

Details

CWE
CWE-119
Status published
Products (1)
ruby-lang/ruby 1.9.1 -p0 (7 CPE variants)
Published Dec 11, 2009
Tracked Since Feb 18, 2026