Description
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
References (4)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200625-0001/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4721
Scores
CVSS v3: 5.3
EPSS: 0.0251
EPSS Percentile: 82.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-908
Status: published
Products (4)
debian/debian_linux: 10.0
fedoraproject/fedora: 31
ruby-lang/ruby: 2.7.0
ruby-lang/ruby: 2.5.0 - 2.5.7
Published: May 04, 2020
Tracked Since: Feb 18, 2026