CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

Published: May 4, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10933
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
ruby-lang / ruby	2.5.0	2.5.7.x
ruby-lang / ruby	2.6.0	2.6.5.x
ruby-lang / ruby	2.7.0	2.7.0.x
fedoraproject / fedora	31	31.x
debian / debian_linux	10.0	10.0.x

https://lists.fedoraproject.org/archives/list/[email protected]/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
https://security.netapp.com/advisory/ntap-20200625-0001/
https://www.debian.org/security/2020/dsa-4721
https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/

Vulnerability Database

289,599

CVE-2020-10933