Heap Overflow in Ruby Psych::Emitter::start_document due to tag array misuse
CVE-2016-2338 Published on September 29, 2022

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.

NVD

Products Associated with CVE-2016-2338

stack.watch emails you whenever new vulnerabilities are published in Ruby Programming Language Ruby Language or Debian Linux. Just hit a watch button to start following.

Ruby Programming Language Ruby Language

Debian Linux

Exploit Probability

EPSS

13.46%

Percentile

94.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Heap Overflow in Ruby Psych::Emitter::start_document due to tag array misuseCVE-2016-2338 Published on September 29, 2022

Products Associated with CVE-2016-2338

Exploit Probability

Heap Overflow in Ruby Psych::Emitter::start_document due to tag array misuse
CVE-2016-2338 Published on September 29, 2022