CVE-2020-10933: Infoleak
First published: Tue Mar 31 2020(Updated: )
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-ruby25-ruby | <0:2.5.9-9.el7 | 0:2.5.9-9.el7 |
| redhat/rh-ruby26-ruby | <0:2.6.7-119.el7 | 0:2.6.7-119.el7 |
| Ruby-lang Ruby | >=2.5.0<=2.5.7 | |
| Ruby-lang Ruby | >=2.6.0<=2.6.5 | |
| Ruby-lang Ruby | =2.7.0 | |
| Linux Linux kernel | ||
| Fedoraproject Fedora | =31 | |
| Debian Debian Linux | =10.0 | |
| debian/ruby2.5 | 2.5.5-3+deb10u4 2.5.5-3+deb10u6 | |
| debian/ruby2.7 | 2.7.4-1+deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-10933 https://nvd.nist.gov/vuln/detail/CVE-2020-10933 https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933
- https://bugzilla.redhat.com/show_bug.cgi?id=1833291
- https://access.redhat.com/errata/RHSA-2021:2587
- https://access.redhat.com/errata/RHSA-2021:2588
- https://access.redhat.com/errata/RHSA-2022:0581
- https://access.redhat.com/errata/RHSA-2022:0582
- https://access.redhat.com/errata/RHSA-2021:2104
- https://access.redhat.com/errata/RHSA-2021:2230
- https://access.redhat.com/security/cve/cve-2020-10933
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
- https://security.netapp.com/advisory/ntap-20200625-0001/
- https://www.debian.org/security/2020/dsa-4721
- https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/
- https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90
- https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc
- https://security-tracker.debian.org/tracker/CVE-2020-10933
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1833293
- https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1833291#c4
- https://access.redhat.com/security/cve/CVE-2020-10933
- https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-7-1-released/
- https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-6-6-released/
- https://www.ruby-lang.org/en/news/2020/03/31/ruby-2-5-8-released/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2020-10933?
CVE-2020-10933 is a vulnerability in Ruby that allows an attacker to read arbitrary memory in the socket library.
Which versions of Ruby are affected by CVE-2020-10933?
Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0 are affected by CVE-2020-10933.
How does CVE-2020-10933 work?
If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size but no data is copied, allowing an attacker to access uninitialized memory.
What is the severity of CVE-2020-10933?
CVE-2020-10933 has a severity rating of 5.3, which is considered medium.
How can I mitigate CVE-2020-10933 in Ruby?
Update to Ruby version 2.5.9, 2.6.6, or 2.7.1 to mitigate CVE-2020-10933.
- collector/redhat-cve
- collector/nvd-index
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-10933
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/tags
- agent/event
- agent/trending
- package-manager/redhat
- vendor/ruby-lang
- canonical/ruby-lang ruby
- version/ruby-lang ruby/2.5.0
- version/ruby-lang ruby/2.5.7
- version/ruby-lang ruby/2.6.0
- version/ruby-lang ruby/2.6.5
- version/ruby-lang ruby/2.7.0
- vendor/linux
- canonical/linux linux kernel
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- package-manager/debian