An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T11:21:13.597Z
Reserved: 2020-03-24T00:00:00
Link: CVE-2020-10933

No data.

Status : Modified
Published: 2020-05-04T15:15:13.963
Modified: 2024-11-21T04:56:23.987
Link: CVE-2020-10933


No data.