CVE-2009-4124

NameCVE-2009-4124
DescriptionHeap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs572817

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby1.8source(unstable)(not affected)
ruby1.9source(unstable)(unfixed)572817
ruby1.9.1source(unstable)1.9.1.376-1

Notes

http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/

Search for package or bug name: Reporting problems