Heap overflow in String (CVE-2009-4124)
Posted by Yugui on 7 Dec 2009
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. In some rare cases this has allowed an attacker to run arbitrary code.
Vulnerable versions
- All releases of Ruby 1.9.1.
This vulnerability does not affect the Ruby 1.8 series.
Solution
Please upgrade to Ruby 1.9.1-p376.
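The following audit helper is an added example, not part of this advisory. It turns the version statement above (all 1.9.1 releases before p376 affected, 1.8 unaffected) into a check that can be run against `ruby -v` banners collected from hosts or against the interpreter it runs under; the banner strings and the function names are constructed for this example.

```ruby
# Added example: classify a Ruby build against CVE-2009-4124 using the
# advisory's version statement. Affected: every 1.9.1 release before p376.
# Not affected: the 1.8 series and 1.9.1-p376 or later.

FIXED_PATCHLEVEL = 376

# Parse a `ruby -v` banner such as
#   "ruby 1.9.1p243 (2009-07-16 revision 24175) [x86_64-linux]"
# into [major, minor, teeny, patchlevel]. A banner without a "pNNN"
# suffix (1.8-style banners, development builds) gets patchlevel -1,
# matching what RUBY_PATCHLEVEL reports for development builds.
# Returns nil when the string does not look like a ruby banner.
def parse_ruby_banner(banner)
  m = banner.match(/\Aruby (\d+)\.(\d+)\.(\d+)(?:p(\d+))?/)
  return nil unless m
  [m[1].to_i, m[2].to_i, m[3].to_i, m[4] ? m[4].to_i : -1]
end

# True when the build is in the vulnerable range. Only the 1.9.1 series is
# in scope; an unknown patchlevel (-1) on 1.9.1 is treated as affected so
# that an audit errs on the safe side.
def cve_2009_4124_affected?(major, minor, teeny, patchlevel)
  return false unless [major, minor, teeny] == [1, 9, 1]
  patchlevel < FIXED_PATCHLEVEL
end

# Convenience wrapper for a raw banner line; nil if it cannot be parsed.
def banner_affected?(banner)
  parts = parse_ruby_banner(banner)
  parts.nil? ? nil : cve_2009_4124_affected?(*parts)
end

# Check the interpreter this script is running under.
def running_interpreter_affected?
  major, minor, teeny = RUBY_VERSION.split('.').map(&:to_i)
  cve_2009_4124_affected?(major, minor, teeny, RUBY_PATCHLEVEL.to_i)
end

if __FILE__ == $0
  # Constructed sample banners, as if gathered from several hosts.
  sample_banners = [
    "ruby 1.9.1p243 (2009-07-16 revision 24175) [x86_64-linux]",
    "ruby 1.9.1p376 (2009-12-07 revision 26041) [i386-linux]",
    "ruby 1.8.7 (2009-06-12 patchlevel 174) [x86_64-linux]",
  ]
  sample_banners.each do |b|
    puts "#{banner_affected?(b) ? 'AFFECTED  ' : 'ok        '} #{b}"
  end
  puts "this interpreter affected: #{running_interpreter_affected?}"
end
```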
Credit
Credit to Emmanouel Kellinis, KPMG London, for disclosing the problem to the Ruby Security team.
Changes
- 2009-12-07 14:52 +0900 add link to CVE (the CVE entry was not yet published when this page was written)