An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

CPENameOperatorVersion
debian_linuxeq10.0
fedoraeq31
rubyge2.5.0
rubyle2.5.7
rubyge2.6.0
rubyle2.6.5
rubyeq2.7.0

Name	Operator	Version
debian_linux	eq	10.0
fedora	eq	31
ruby	ge	2.5.0
ruby	le	2.5.7
ruby	ge	2.6.0
ruby	le	2.6.5
ruby	eq	2.7.0

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/

security.netapp.com/advisory/ntap-20200625-0001/

www.debian.org/security/2020/dsa-4721

www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/

nessus 24

cbl_mariner 1

mageia 1

openvas 8

osv 8

cve 1

veracode 1

cvelist 1

redhatcve 1

ubuntucve 1

nvd 1

alpinelinux 1

debiancve 1

rubygems 1

fedora 1

debian 2

suse 1

ubuntu 1

cloudfoundry 1

photon 6

rocky 2

redhat 6

oraclelinux 2

almalinux 2

ibm 1

kitploit 1

nessus

Photon OS 2.0: Ruby PHSA-2020-2.0-0242

2020-05-13 00:00:00

Photon OS 1.0: Ruby PHSA-2020-1.0-0294

2020-05-18 00:00:00

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2020:0995-1)

2020-04-16 00:00:00

cbl_mariner

CVE-2020-10933 affecting package ruby 2.6.3-3

2021-06-09 03:50:37

mageia

Updated ruby packages fix security vulnerability

2020-07-07 16:47:37

openvas

Mageia: Security Advisory (MGASA-2020-0285)

2022-01-28 00:00:00

openSUSE: Security Advisory for ruby2.5 (openSUSE-SU-2020:0586-1)

2020-05-02 00:00:00

Debian: Security Advisory (DSA-4721-1)

2020-07-09 00:00:00

osv

BIT-ruby-2020-10933

2024-03-06 11:06:11

CVE-2020-10933

2020-05-04 15:15:13

ruby2.5 - security update

2020-07-08 00:00:00

cve

CVE-2020-10933

2020-05-04 15:15:13

veracode

Information Disclosure

2020-08-06 21:34:05

cvelist

CVE-2020-10933

2020-05-04 14:54:00

redhatcve

CVE-2020-10933

2020-05-08 11:10:59

ubuntucve

CVE-2020-10933

2020-05-04 00:00:00

nvd

CVE-2020-10933

2020-05-04 15:15:13

alpinelinux

CVE-2020-10933

2020-05-04 15:15:13

debiancve

CVE-2020-10933

2020-05-04 15:15:13

rubygems

Heap exposure vulnerability in the socket library

2020-03-30 21:00:00

fedora

[SECURITY] Fedora 31 Update: ruby-2.6.6-125.fc31

2020-05-22 03:19:32

debian

[SECURITY] [DSA 4721-1] ruby2.5 security update

2020-07-08 15:31:57

[SECURITY] [DSA 4721-1] ruby2.5 security update

2020-07-08 15:31:57

suse

Security update for ruby2.5 (moderate)

2020-05-02 00:00:00

ubuntu

Ruby vulnerabilities

2021-03-18 00:00:00

cloudfoundry

USN-4882-1: Ruby vulnerabilities | Cloud Foundry

2021-04-14 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0294

2020-05-14 00:00:00

Important Photon OS Security Update - PHSA-2020-0089

2020-05-13 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0242

2020-05-13 00:00:00

rocky

ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

redhat

(RHSA-2021:2587) Moderate: ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

(RHSA-2021:2104) Moderate: rh-ruby25-ruby security, bug fix, and enhancement update

2021-05-25 12:17:56

(RHSA-2021:2230) Moderate: rh-ruby26-ruby security, bug fix, and enhancement update

2021-06-03 07:45:38

oraclelinux

ruby:2.5 security, bug fix, and enhancement update

2021-07-02 00:00:00

ruby:2.6 security, bug fix, and enhancement update

2021-07-07 00:00:00

almalinux

Moderate: ruby:2.5 security, bug fix, and enhancement update

2021-06-29 13:58:20

Moderate: ruby:2.6 security, bug fix, and enhancement update

2021-06-29 13:58:40

ibm

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

2021-10-13 14:44:47

kitploit

Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities

2022-03-09 20:30:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

JSON

Related for PRION:CVE-2020-10933