CVE-2008-3657

Description

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

Risk Information

Base Score: 9.8 MODERATE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 22.517

Associated Vulnerability

Vulnerability | OS Platform
Rubygem-json update (ELSA-2025-4063) rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Rubygem-json update (ELSA-2025-4063) rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Rubygem-irb update (ELSA-2025-4063) rubygem-irb-1.4.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-io-console update (ELSA-2025-4063) rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Rubygem-io-console update (ELSA-2025-4063) rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Rubygem-bundler update (ELSA-2025-4063) rubygem-bundler-2.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-bigdecimal update (ELSA-2025-4063) rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Rubygem-bigdecimal update (ELSA-2025-4063) rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Rubygem-abrt-doc update (ELSA-2025-4063) rubygem-abrt-doc-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux
Rubygem-mysql2 update (ELSA-2025-4063) rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.x86_64.rpm | Linux
Ruby-libs update (ELSA-2025-4063) ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Ruby-libs update (ELSA-2025-4063) ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Ruby-doc update (ELSA-2025-4063) ruby-doc-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Ruby-devel update (ELSA-2025-4063) ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Ruby-devel update (ELSA-2025-4063) ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Ruby-default-gems update (ELSA-2025-4063) ruby-default-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Ruby-bundled-gems update (ELSA-2025-4063) ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Ruby-bundled-gems update (ELSA-2025-4063) ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Ruby update (ELSA-2025-4063) ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Ruby update (ELSA-2025-4063) ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Rubygem-abrt update (ELSA-2025-4063) rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux
Rubygems-devel update (ELSA-2025-4063) rubygems-devel-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygems update (ELSA-2025-4063) rubygems-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-typeprof update (ELSA-2025-4063) rubygem-typeprof-0.21.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-test-unit update (ELSA-2025-4063) rubygem-test-unit-3.5.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-rss update (ELSA-2025-4063) rubygem-rss-0.3.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-rexml update (ELSA-2025-4063) rubygem-rexml-3.3.9-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-rdoc update (ELSA-2025-4063) rubygem-rdoc-6.4.1.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-rbs update (ELSA-2025-4063) rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Rubygem-rbs update (ELSA-2025-4063) rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Rubygem-rake update (ELSA-2025-4063) rubygem-rake-13.0.6-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-psych update (ELSA-2025-4063) rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux
Rubygem-psych update (ELSA-2025-4063) rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux
Rubygem-power_assert update (ELSA-2025-4063) rubygem-power_assert-2.0.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux
Rubygem-pg-doc update (ELSA-2025-4063) rubygem-pg-doc-1.3.2-1.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux
Rubygem-pg update (ELSA-2025-4063) rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.x86_64.rpm | Linux
Rubygem-mysql2-doc update (ELSA-2025-4063) rubygem-mysql2-doc-0.5.3-2.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux
Rubygem-minitest update (ELSA-2025-4063) rubygem-minitest-5.15.0-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234