CVE-2012-4466 - Vulnerability Details

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Openshift
Ruby-lang	Ruby

Configuration 1 [-]

OR	cpe:2.3:a:ruby-lang:ruby:1.8.7:::::::*
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p160::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p17::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p173::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p174::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p22::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p248::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p249::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p299::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p301::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p302::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p330::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p334::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p352::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p357::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p358::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p370::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p71::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:p72::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3::::::
	cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::
	cpe:2.3:a:ruby-lang:ruby:2.0:::::::*
	cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*
	cpe:2.3:a:ruby-lang:ruby:2.0.0:p0::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2::::::

Package	CPE	Advisory	Released Date
RHEL 6 Version of OpenShift Enterprise
graphviz-0:2.26.0-10.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-console-0:0.0.16-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-broker-0:1.0.11-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-broker-util-0:1.0.15-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
php-0:5.3.3-22.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-ruby-0:1.9.3.327-25.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-actionpack-1:3.2.8-3.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-activemodel-0:3.2.8-2.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-activerecord-1:3.2.8-3.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-railties-0:3.2.8-2.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-actionpack-1:3.0.13-4.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-activemodel-0:3.0.13-3.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-activerecord-1:3.0.13-5.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-bson-0:1.8.1-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-mongo-0:1.8.1-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-console-0:1.0.10-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-controller-0:1.0.12-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-node-0:1.0.11-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-ruby_parser-0:2.0.4-6.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
http://www.openwall.com/lists/oss-security/2012/10/02/4
http://www.openwall.com/lists/oss-security/2012/10/03/9
http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/
https://bugzilla.redhat.com/show_bug.cgi?id=862614
https://nvd.nist.gov/vuln/detail/CVE-2012-4466
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
https://www.cve.org/CVERecord?id=CVE-2012-4466

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-04-25T23:00:00

Updated: 2024-08-06T20:35:09.685Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4466

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-04-25T23:55:01.340

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4466

Redhat

Severity : Low

Publid Date: 2012-10-02T00:00:00Z

Links: CVE-2012-4466 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-06T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/02/4"}, {"name": "MDVSA-2013:124", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124"}, {"name": "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/03/9"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862614"}, {"name": "FEDORA-2012-15376", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html"}, {"name": "FEDORA-2012-15395", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/"}, {"tags": ["x_refsource_MISC"], "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/02/4"}, {"name": "MDVSA-2013:124", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124"}, {"name": "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/03/9"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=862614", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862614"}, {"name": "FEDORA-2012-15376", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html"}, {"name": "FEDORA-2012-15395", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html"}, {"name": "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", "refsource": "CONFIRM", "url": "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/"}, {"name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", "refsource": "MISC", "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068"}, {"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:09.685Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/02/4"}, {"name": "MDVSA-2013:124", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124"}, {"name": "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/03/9"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862614"}, {"name": "FEDORA-2012-15376", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html"}, {"name": "FEDORA-2012-15395", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4466", "datePublished": "2013-04-25T23:00:00", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:09.685Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "2D86FC99-3521-4E22-8FD3-65CEB05A6342", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p160:*:*:*:*:*:*", "matchCriteriaId": "F81AB75D-9B8D-4880-A1FE-3DB24875BD1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", "matchCriteriaId": "84A291B0-EABD-4572-B8E2-2457DBAEDC92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p173:*:*:*:*:*:*", "matchCriteriaId": "8B8B0853-F277-4EF2-A3A2-FC88891AA175", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p174:*:*:*:*:*:*", "matchCriteriaId": "470F9991-8033-49A2-B996-4D3595C221F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", "matchCriteriaId": "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:*", "matchCriteriaId": "9672DC94-7550-40C1-8FF3-5BD2DC1FA3B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p249:*:*:*:*:*:*", "matchCriteriaId": "CDE72BB9-07AB-446A-81BE-85AF243BF3A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p299:*:*:*:*:*:*", "matchCriteriaId": "55D77438-86CE-4256-8285-EB9CE372D0AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p301:*:*:*:*:*:*", "matchCriteriaId": "404E191A-E394-4774-B1FB-2A7BB1558F0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p302:*:*:*:*:*:*", "matchCriteriaId": "C1232504-801A-4EDD-A967-D22469181551", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p330:*:*:*:*:*:*", "matchCriteriaId": "51F327AA-0F3A-4F81-AD6A-4CF36055D034", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p334:*:*:*:*:*:*", "matchCriteriaId": "40E2C5E5-CB07-4CFE-A539-C199D76174F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p352:*:*:*:*:*:*", "matchCriteriaId": "C5A64D8C-C117-4315-A2A3-2786D20BDE07", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p357:*:*:*:*:*:*", "matchCriteriaId": "AFD81C81-4DE3-48F1-93F1-C6817F32AFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p358:*:*:*:*:*:*", "matchCriteriaId": "57813DB6-4CD3-4D6D-8028-65B71A34AC31", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p370:*:*:*:*:*:*", "matchCriteriaId": "2FAA3BCC-496A-4D6D-8743-8022B202754D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", "matchCriteriaId": "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*", "matchCriteriaId": "17AA24B4-30C7-4D46-A55C-A5CC7C446436", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", "matchCriteriaId": "4E37786B-5336-4182-A1E3-801BDB6F61EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", "matchCriteriaId": "349D014E-223A-46A7-8334-543DB330C215", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", "matchCriteriaId": "550EC183-43A1-4A63-A23C-A48C1F078451", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", "matchCriteriaId": "0ACECF59-AA88-4B5C-A671-83842C9CF072", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0535DC9-EB0E-4745-80AC-4A020DF26E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", "matchCriteriaId": "94F5AA37-B466-4E2E-B217-5119BADDD87B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", "matchCriteriaId": "6DF0F0F5-4022-4837-9B40-4B1127732CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", "matchCriteriaId": "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", "matchCriteriaId": "D2423B85-0971-42AC-8B64-819008BC5778", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", "matchCriteriaId": "CB116A84-1652-4F5D-98AC-81F0349EEDC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", "matchCriteriaId": "259C21E7-6084-4710-9BB3-C232942A451E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "285A3431-BDFE-40C5-92CD-B18217757C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D66B32CB-AC49-4A1C-85ED-6389F27CB319", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005."}, {"lang": "es", "value": "Ruby v1.8.7 antes de patchlevel 371, v1.9.3 antes patchlevel 286 y v2.0 antes de la revisi\u00f3n r37068 permite a atacantes dependientes de contexto evitar las restricciones de seguridad de nivel y modificar cadenas untainted a trav\u00e9s de la funci\u00f3n de la API name_err_mesg_to_str, que marca la cadena como contaminada, una diferente vulnerabilidad a CVE-2011-1005."}], "id": "CVE-2012-4466", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-25T23:55:01.340", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html"}, {"source": "secalert@redhat.com", "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/02/4"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/03/9"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862614"}, {"source": "secalert@redhat.com", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/02/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/03/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "graphviz-0:2.26.0-10.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-console-0:0.0.16-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-broker-0:1.0.11-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-broker-util-0:1.0.15-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "php-0:5.3.3-22.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "ruby193-ruby-0:1.9.3.327-25.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "ruby193-rubygem-actionpack-1:3.2.8-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "ruby193-rubygem-activemodel-0:3.2.8-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "ruby193-rubygem-activerecord-1:3.2.8-3.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "ruby193-rubygem-railties-0:3.2.8-2.el6", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-actionpack-1:3.0.13-4.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-activemodel-0:3.0.13-3.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-activerecord-1:3.0.13-5.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-bson-0:1.8.1-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-mongo-0:1.8.1-2.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-openshift-origin-console-0:1.0.10-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-openshift-origin-controller-0:1.0.12-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-openshift-origin-node-0:1.0.11-1.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0582", "cpe": "cpe:/a:redhat:openshift:1::el6", "package": "rubygem-ruby_parser-0:2.0.4-6.el6op", "product_name": "RHEL 6 Version of OpenShift Enterprise", "release_date": "2013-02-28T00:00:00Z"}], "bugzilla": {"description": "ruby: safe level bypass via name_err_mesg_to_str()", "id": "862614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862614"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-266", "details": ["Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005."], "name": "CVE-2012-4466", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-10-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-4466\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4466"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object