CVE-2009-5147

HIGH

Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 < 648, 2.1 < 2.1.8 - Arbitrary Library Loading via DL::dlopen

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-5147. PoCs published by zhangyongbo100, vpereira.

AI-analyzed exploit summary This repository is a Ruby Advisory Database containing structured YAML files with detailed vulnerability information, including CVE-2009-5147. It provides metadata such as descriptions, CVSS scores, patched versions, and related references, but does not include functional exploit code.

Description

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

Exploits (2)

nomisec WRITEUP

by zhangyongbo100 · poc

https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147-

View Code ZIP pw:eip

This repository is a Ruby Advisory Database containing structured YAML files with detailed vulnerability information, including CVE-2009-5147. It provides metadata such as descriptions, CVSS scores, patched versions, and related references, but does not include functional exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Ruby libraries (various)

No auth needed

Prerequisites: Access to the advisory database for vulnerability lookup

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by vpereira · poc

https://github.com/vpereira/CVE-2009-5147

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2009-5147, demonstrating a Ruby $SAFE level bypass via Fiddle.dlopen. The exploit loads a shared library and calls a function to leak environment variables, bypassing security restrictions in Ruby versions prior to 2.3.0.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Ruby (versions < 2.3.0)

No auth needed

Prerequisites: Ruby environment with Fiddle support · Ability to set environment variables

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Patch, Third Party Advisory x_refsource_confirm

https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b

View Patch ZIP pw:eip

Patch, Third Party Advisory, VDB Entry mailing-list x_refsource_mlist

http://seclists.org/oss-sec/2015/q3/222

Vendor Advisory x_refsource_confirm

https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0583

Issue Tracking, Patch, Third Party Advisory, VDB Entry x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1248935

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/76060

Scores

CVSS v3 7.3

EPSS 0.5622

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-20

Status published

Products (13)

ruby-lang/ruby 1.8.0

ruby-lang/ruby 1.9.0

ruby-lang/ruby 1.9.2

ruby-lang/ruby 1.9.3

ruby-lang/ruby 2.0.0 (11 CPE variants)

ruby-lang/ruby 2.1.0

ruby-lang/ruby 2.1.1

ruby-lang/ruby 2.1.2

ruby-lang/ruby 2.1.3

ruby-lang/ruby 2.1.4

... and 3 more

Published Mar 29, 2017

Tracked Since Feb 18, 2026