Input validation error in ruby (Alpine package)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2015-7551 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
ruby (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Input validation error
EUVDB-ID: #VU32356
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-7551
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library.
MitigationInstall update from vendor's website.
Vulnerable software versionsruby (Alpine package): 2.0.0-r0 - 2.2.3-r1
CPE2.3- cpe:2.3:o:alpine:ruby_alpine_package:2.0.0-r0:*:*:*:*:alpine_linux:*:2.6
- cpe:2.3:o:alpine:ruby_alpine_package:2.0.0_p247-r1:*:*:*:*:alpine_linux:*:2.6
- cpe:2.3:o:alpine:ruby_alpine_package:2.0.0_p247-r3:*:*:*:*:alpine_linux:*:2.6
https://git.alpinelinux.org/aports/commit/?id=3afa43694d2bfcb8401e198114b238eab4a133b4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
