CVE-2024-27280: Buffer Overread Vulnerability in StringIO ~ Ruby

Bunjo
Expert member, 14 Dec 2020


CVE-2024-27280: Buffer Overread Vulnerability In StringIO

We have released the StringIO gem versions 3.0.1.1 and 3.0.1.2, which contain a security fix for a buffer overread vulnerability.
This vulnerability has been assigned the CVE identifier CVE-2024-27280.

Details

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.


The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.

This vulnerability does not affect StringIO 3.0.3 and later, or Ruby 3.2.x and later.

Recommended Action

We recommend updating the StringIO gem to version 3.0.3 or later. To stay compatible with the version bundled in older Ruby series, you may instead update as follows:
  • For Ruby 3.0 users: Update to stringio 3.0.1.1
  • For Ruby 3.1 users: Update to stringio 3.0.1.2
Note that StringIO 3.0.1.2 contains not only the fix for this vulnerability but also a bugfix for [Bug #19389].
Diff (ext/stringio/stringio.c, strio_getline):
         str = strio_substr(ptr, ptr->pos, e - s - w, enc);
     }
     else {
-        if (n < e - s) {
-            if (e - s < 1024) {
+        if (n < e - s + arg->chomp) {
+            /* unless chomping, RS at the end does not matter */
+            if (e - s < 1024 || n == e - s) {
                 for (p = s; p + n <= e; ++p) {
                     if (MEMCMP(p, RSTRING_PTR(str), char, n) == 0) {
                         e = p + (arg->chomp ? 0 : n);
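Review bot: the new guard `n < e - s + arg->chomp` uses the chomp flag as an integer, so it is only correct while `arg->chomp` is exactly 0 or 1; a one-line comment stating that assumption next to the condition would keep the arithmetic from silently breaking if the flag ever changes type. The `|| n == e - s` addition to the 1024-byte check is what lets a separator equal to the whole remaining buffer be searched for rather than skipped, which is the case the new test `StringIO.new("ab").gets("ab", chomp: true)` covers.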
Ruby (test/stringio/test_stringio.rb):
    assert_equal("def", stringio.gets("", chomp: true))
    assert_string("", Encoding::UTF_8, StringIO.new("\n").gets(chomp: true))
    assert_equal("", StringIO.new("ab").gets("ab", chomp: true))
  end

  def test_gets_chomp_eol
Diff (version.h):
 #define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 4
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 199
+#define RUBY_PATCHLEVEL 200

 #define RUBY_RELEASE_YEAR 2023
 #define RUBY_RELEASE_MONTH 3

You can use gem update stringio to update it. If you are using bundler, please add gem "stringio", ">= 3.0.1.2" to your Gemfile.

Affected Versions

  • Ruby 3.0.6 or lower
  • Ruby 3.1.4 or lower
  • StringIO gem 3.0.1 or lower
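
Added example (my code, not from the Ruby advisory or the stringio project): a small Ruby helper that classifies a Ruby/stringio version pair against the affected-version table above, reports the series-specific update target, and runs the advisory's own regression case for the fixed gets path. The module and method names (StringIOAdvisory, affected?, recommended_gem, gets_sep_equals_rest) are my own.

```ruby
# Added example: check a runtime against the CVE-2024-27280 advisory tables.
require "rubygems"
require "stringio"

module StringIOAdvisory
  # "StringIO gem 3.0.1 or lower" is affected; 3.0.1.1 / 3.0.1.2 / 3.0.3+ are fixed.
  LAST_AFFECTED_GEM = Gem::Version.new("3.0.1")
  # "Ruby 3.2.x and later" ships a StringIO that is not affected.
  FIRST_SAFE_RUBY   = Gem::Version.new("3.2.0")
  # Series-specific minimum versions recommended by the advisory.
  RECOMMENDED = { "3.0" => "3.0.1.1", "3.1" => "3.0.1.2" }.freeze

  # True when the Ruby/stringio pair falls inside the advisory's affected set.
  def self.affected?(ruby_version, stringio_version)
    return false if Gem::Version.new(ruby_version) >= FIRST_SAFE_RUBY
    Gem::Version.new(stringio_version) <= LAST_AFFECTED_GEM
  end

  # Minimum stringio version to update to for this Ruby series (nil if not affected).
  def self.recommended_gem(ruby_version)
    rv = Gem::Version.new(ruby_version)
    return nil if rv >= FIRST_SAFE_RUBY
    RECOMMENDED.fetch(rv.segments[0, 2].join("."), "3.0.3")
  end

  # Regression probe taken from the advisory's test: a separator equal to the
  # whole remaining buffer must be matched and chomped, giving "". On an
  # affected build the search was skipped because the separator length equalled
  # the remaining length, so this returned the unchomped data instead.
  def self.gets_sep_equals_rest
    StringIO.new("ab").gets("ab", chomp: true)
  end

  # Convenience report for the interpreter this script runs under.
  def self.report
    gem_v = defined?(StringIO::VERSION) ? StringIO::VERSION : "unknown"
    status = gem_v == "unknown" ? "unknown" : (affected?(RUBY_VERSION, gem_v) ? "AFFECTED" : "not affected")
    "ruby #{RUBY_VERSION}, stringio #{gem_v}: #{status}" \
      "#{" (update to >= #{recommended_gem(RUBY_VERSION)})" if status == "AFFECTED"}"
  end
end

puts StringIOAdvisory.report if $PROGRAM_NAME == __FILE__
```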


Butcherb3y
Expert member, 1 Sep 2022

very nice article, congratulations