Back to bug 2133689
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2022-10-11 07:54:50 UTC | Blocks | 2130851 | |
| Sandipan Roy | 2022-10-11 07:55:58 UTC | CC | hhorak, jorton, jprokop, mo, mtasaka, pvalena, ruby-packagers-sig, s, strzibny, vanmeeuwen+fedora, vondruch | |
| Sandipan Roy | 2022-10-11 07:56:56 UTC | CC | adudiak, caswilli, jburrell, jwong, kaycoth, kshier | |
| Sandipan Roy | 2022-10-11 09:06:34 UTC | Depends On | 2133739, 2133738, 2133740, 2133737 | |
| Sandipan Roy | 2022-10-27 09:37:46 UTC | CC | adudiak, jwong, kshier | |
| Doc Text | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. A specially constructed object passed as elements of tags array can increase this array size after mentioned allocation and cause a heap overflow. | |||
| Paige Jung | 2022-10-27 16:52:34 UTC | Doc Text | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. A specially constructed object passed as elements of tags array can increase this array size after mentioned allocation and cause a heap overflow. | An exploitable heap overflow vulnerability was found in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on the tags array length. A specially constructed object passed as elements of tags array can increase this array size after mentioned allocation, causing a heap overflow. |
| Jun Aruga | 2022-12-08 10:37:32 UTC | CC | jaruga | |
| Red Hat Bugzilla | 2023-07-07 08:32:34 UTC | Assignee | security-response-team | nobody |
Back to bug 2133689