CVE-2012-4466

Public on 2012-10-23

Modified on 2014-09-14

Description

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

Severity

Low

See what this means

CVSS v3 Base Score

4.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	ruby	2012-10-23 10:43	ALAS-2012-139

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:P/A:N

References

Red Hat: CVE-2012-4466 Mitre: CVE-2012-4466 FAQs regarding Amazon Linux ALAS/CVE Severity