An exploitable heap overflow vulnerability exists in the Fiddle::Function.new “initialize” function functionality of Ruby. In Fiddle::Function.new “initialize” heap buffer “arg_types” allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow. References: http://www.talosintelligence.com/reports/TALOS-2016-0034/
Upstream patch: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
This flaw requires executing untrusted ruby code, or passing an untrusted class to the Fiddle module. Either of these would already represent a vulnerability by design, so the impact from this flaw is Moderate at best. The Fiddle module is not present in Ruby prior to version 1.9, so earlier versions are not affected.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.