CVE-2016-2337 - OpenCVE

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ruby-lang	Ruby

Configuration 1 [-]

OR	cpe:2.3:a:ruby-lang:ruby:2.2.2:::::::*
	cpe:2.3:a:ruby-lang:ruby:2.3.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/91233
http://www.talosintelligence.com/reports/TALOS-2016-0031/
https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2016-2337
https://security.gentoo.org/glsa/201710-18
https://www.cve.org/CVERecord?id=CVE-2016-2337

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2017-01-06T21:00:00

Updated: 2024-08-05T23:24:49.158Z

Reserved: 2016-02-12T00:00:00

Link: CVE-2016-2337

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-01-06T21:59:00.460

Modified: 2018-08-28T10:29:00.783

Link: CVE-2016-2337

Redhat

Severity : Moderate

Publid Date: 2016-06-14T00:00:00Z

Links: CVE-2016-2337 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Ruby", "vendor": "Ruby", "versions": [{"status": "affected", "version": "2.3.0 dev"}, {"status": "affected", "version": "2.2.2"}]}, {"product": "Tcl/Tk", "vendor": "Tcl", "versions": [{"status": "affected", "version": "8.6 or later"}]}], "datePublic": "2016-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "type confusion", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-28T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"}, {"name": "91233", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91233"}, {"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"}, {"name": "GLSA-201710-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201710-18"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-2337", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ruby", "version": {"version_data": [{"version_value": "2.3.0 dev"}, {"version_value": "2.2.2"}]}}]}, "vendor_name": "Ruby"}, {"product": {"product_data": [{"product_name": "Tcl/Tk", "version": {"version_data": [{"version_value": "8.6 or later"}]}}]}, "vendor_name": "Tcl"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "type confusion"}]}]}, "references": {"reference_data": [{"name": "http://www.talosintelligence.com/reports/TALOS-2016-0031/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"}, {"name": "91233", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91233"}, {"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"}, {"name": "GLSA-201710-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-18"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:49.158Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"}, {"name": "91233", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91233"}, {"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"}, {"name": "GLSA-201710-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201710-18"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-2337", "datePublished": "2017-01-06T21:00:00", "dateReserved": "2016-02-12T00:00:00", "dateUpdated": "2024-08-05T23:24:49.158Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCCD8F3-E667-42F2-9861-14EDFB16583A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "822307DD-7F7D-44C2-9C4B-CB8704663410", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."}, {"lang": "es", "value": "Existe un tipo de confusi\u00f3n en el m\u00e9todo de clase _cancel_eval Ruby's TclTkIp. El atacante que pasa un tipo diferente de objeto que una String como argumento \"retval\" puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/843.html\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>", "id": "CVE-2016-2337", "lastModified": "2018-08-28T10:29:00.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-06T21:59:00.460", "references": [{"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/91233"}, {"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"}, {"source": "cret@cert.org", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"}, {"source": "cret@cert.org", "url": "https://security.gentoo.org/glsa/201710-18"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ruby: TclTkIp ip_cancel_eval type confusion vulnerability", "id": "1412680", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412680"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-843", "details": ["Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."], "name": "CVE-2016-2337", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "rh-ruby22-ruby", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "ruby-200-ruby", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby22-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby23-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "ruby200-ruby", "product_name": "Red Hat Software Collections"}], "public_date": "2016-06-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-2337\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2337"], "statement": "Red Hat Product Security has rated this issue as having Moderate security\nimpact. This issue is not currently planned to be addressed in future\nupdates. For additional information, refer to the Issue Severity\nClassification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}