Heap overflow in String (CVE-2009-4124)
Posted by Yugui on 7 Dec 2009
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.
Vulnerable versions
- All releases of Ruby 1.9.1.
This vulnerability does not affect Ruby 1.8 series.
Solution
Please upgrade to Ruby 1.9.1-p376.
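As an added example (not part of the original advisory), the following Ruby check classifies an interpreter as affected or not according to the version statement above: every 1.9.1 release before patchlevel 376 is affected, 1.8 is not. It reads the built-in RUBY_VERSION and RUBY_PATCHLEVEL constants; treating 1.9.2 and later as unaffected is an assumption, since the advisory only names the 1.9.1 line.

```ruby
# Added example: is a given Ruby build in the range affected by CVE-2009-4124
# (heap overflow in String#ljust / String#center / String#rjust)?
# Per the advisory: all 1.9.1 releases before 1.9.1-p376 are affected,
# Ruby 1.8 is not. Assumption: 1.9.2 and later are treated as unaffected.

FIXED_PATCHLEVEL = 376

# version:    a RUBY_VERSION string such as "1.9.1"
# patchlevel: a RUBY_PATCHLEVEL integer; development snapshots report -1,
#             which is treated here as "not yet patched"
def vulnerable_to_cve_2009_4124?(version, patchlevel)
  major, minor, teeny = version.split('.').map(&:to_i)
  return false unless major == 1 && minor == 9 && teeny == 1
  patchlevel < FIXED_PATCHLEVEL
end

# Convenience wrapper for the interpreter running this script.
def running_ruby_vulnerable?
  vulnerable_to_cve_2009_4124?(RUBY_VERSION, RUBY_PATCHLEVEL)
end

if __FILE__ == $0
  status = running_ruby_vulnerable? ? 'AFFECTED' : 'not affected'
  puts "Ruby #{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}: #{status} by CVE-2009-4124"
end
```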
Credit
Credit to Emmanouel Kellinis, KPMG London, for disclosing the problem to the Ruby Security team.
Changes
- 2009-12-07 14:52 +0900 add link to CVE (but not opened yet when writing this page)