CVE-2013-2065
Description
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.499
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Ruby update (ELSA-2023-7025) ruby-2.5.9-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Ruby update (ELSA-2023-7025) ruby-2.5.9-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Ruby-devel update (ELSA-2023-7025) ruby-devel-2.5.9-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Ruby-devel update (ELSA-2023-7025) ruby-devel-2.5.9-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Ruby-doc update (ELSA-2023-7025) ruby-doc-2.5.9-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Ruby-irb update (ELSA-2023-7025) ruby-irb-2.5.9-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Ruby-libs update (ELSA-2023-7025) ruby-libs-2.5.9-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Ruby-libs update (ELSA-2023-7025) ruby-libs-2.5.9-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-abrt update (ELSA-2023-7025) rubygem-abrt-0.3.0-4.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-abrt-doc update (ELSA-2023-7025) rubygem-abrt-doc-0.3.0-4.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-bigdecimal update (ELSA-2023-7025) rubygem-bigdecimal-1.3.4-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Rubygem-bigdecimal update (ELSA-2023-7025) rubygem-bigdecimal-1.3.4-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-bson update (ELSA-2023-7025) rubygem-bson-4.3.0-2.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-bson-doc update (ELSA-2023-7025) rubygem-bson-doc-4.3.0-2.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-bundler update (ELSA-2023-7025) rubygem-bundler-1.16.1-4.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-bundler-doc update (ELSA-2023-7025) rubygem-bundler-doc-1.16.1-4.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-did_you_mean update (ELSA-2023-7025) rubygem-did_you_mean-1.2.0-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-io-console update (ELSA-2023-7025) rubygem-io-console-0.4.6-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Rubygem-io-console update (ELSA-2023-7025) rubygem-io-console-0.4.6-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-json update (ELSA-2023-7025) rubygem-json-2.1.0-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Rubygem-json update (ELSA-2023-7025) rubygem-json-2.1.0-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-minitest update (ELSA-2023-7025) rubygem-minitest-5.10.3-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-mongo update (ELSA-2023-7025) rubygem-mongo-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-mongo-doc update (ELSA-2023-7025) rubygem-mongo-doc-2.5.1-2.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-mysql2 update (ELSA-2023-7025) rubygem-mysql2-0.4.10-4.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-mysql2-doc update (ELSA-2023-7025) rubygem-mysql2-doc-0.4.10-4.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-net-telnet update (ELSA-2023-7025) rubygem-net-telnet-0.1.1-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-openssl update (ELSA-2023-7025) rubygem-openssl-2.1.2-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Rubygem-openssl update (ELSA-2023-7025) rubygem-openssl-2.1.2-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-pg update (ELSA-2023-7025) rubygem-pg-1.0.0-3.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-pg-doc update (ELSA-2023-7025) rubygem-pg-doc-1.0.0-3.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-power_assert update (ELSA-2023-7025) rubygem-power_assert-1.1.1-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-psych update (ELSA-2023-7025) rubygem-psych-3.0.2-111.module+el8.9.0+90042+a65659a6.i686.rpm | Linux |
| Rubygem-psych update (ELSA-2023-7025) rubygem-psych-3.0.2-111.module+el8.9.0+90042+a65659a6.x86_64.rpm | Linux |
| Rubygem-rake update (ELSA-2023-7025) rubygem-rake-12.3.3-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-rdoc update (ELSA-2023-7025) rubygem-rdoc-6.0.1.1-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-test-unit update (ELSA-2023-7025) rubygem-test-unit-3.2.7-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-xmlrpc update (ELSA-2023-7025) rubygem-xmlrpc-0.3.0-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygems update (ELSA-2023-7025) rubygems-2.7.6.3-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygems-devel update (ELSA-2023-7025) rubygems-devel-2.7.6.3-111.module+el8.9.0+90042+a65659a6.noarch.rpm | Linux |
| Rubygem-json update (ELSA-2025-4063) rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Rubygem-json update (ELSA-2025-4063) rubygem-json-2.6.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Rubygem-irb update (ELSA-2025-4063) rubygem-irb-1.4.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-io-console update (ELSA-2025-4063) rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Rubygem-io-console update (ELSA-2025-4063) rubygem-io-console-0.5.11-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Rubygem-bundler update (ELSA-2025-4063) rubygem-bundler-2.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-bigdecimal update (ELSA-2025-4063) rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Rubygem-bigdecimal update (ELSA-2025-4063) rubygem-bigdecimal-3.1.1-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Rubygem-abrt-doc update (ELSA-2025-4063) rubygem-abrt-doc-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux |
| Rubygem-mysql2 update (ELSA-2025-4063) rubygem-mysql2-0.5.3-2.module+el8.7.0+20780+b11ff321.x86_64.rpm | Linux |
| Ruby-libs update (ELSA-2025-4063) ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Ruby-libs update (ELSA-2025-4063) ruby-libs-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Ruby-doc update (ELSA-2025-4063) ruby-doc-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Ruby-devel update (ELSA-2025-4063) ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Ruby-devel update (ELSA-2025-4063) ruby-devel-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Ruby-default-gems update (ELSA-2025-4063) ruby-default-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Ruby-bundled-gems update (ELSA-2025-4063) ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Ruby-bundled-gems update (ELSA-2025-4063) ruby-bundled-gems-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Ruby update (ELSA-2025-4063) ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Ruby update (ELSA-2025-4063) ruby-3.1.7-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Rubygem-abrt update (ELSA-2025-4063) rubygem-abrt-0.4.0-1.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux |
| Rubygems-devel update (ELSA-2025-4063) rubygems-devel-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygems update (ELSA-2025-4063) rubygems-3.3.27-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-typeprof update (ELSA-2025-4063) rubygem-typeprof-0.21.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-test-unit update (ELSA-2025-4063) rubygem-test-unit-3.5.3-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-rss update (ELSA-2025-4063) rubygem-rss-0.3.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-rexml update (ELSA-2025-4063) rubygem-rexml-3.3.9-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-rdoc update (ELSA-2025-4063) rubygem-rdoc-6.4.1.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-rbs update (ELSA-2025-4063) rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Rubygem-rbs update (ELSA-2025-4063) rubygem-rbs-2.7.0-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Rubygem-rake update (ELSA-2025-4063) rubygem-rake-13.0.6-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-psych update (ELSA-2025-4063) rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.x86_64.rpm | Linux |
| Rubygem-psych update (ELSA-2025-4063) rubygem-psych-4.0.4-145.module+el8.10.0+90550+7d8a4a30.i686.rpm | Linux |
| Rubygem-power_assert update (ELSA-2025-4063) rubygem-power_assert-2.0.1-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
| Rubygem-pg-doc update (ELSA-2025-4063) rubygem-pg-doc-1.3.2-1.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux |
| Rubygem-pg update (ELSA-2025-4063) rubygem-pg-1.3.2-1.module+el8.7.0+20780+b11ff321.x86_64.rpm | Linux |
| Rubygem-mysql2-doc update (ELSA-2025-4063) rubygem-mysql2-doc-0.5.3-2.module+el8.7.0+20780+b11ff321.noarch.rpm | Linux |
| Rubygem-minitest update (ELSA-2025-4063) rubygem-minitest-5.15.0-145.module+el8.10.0+90550+7d8a4a30.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234