Upstream information

CVE-2012-4522 at MITRE

Description

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
CVSS detail National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 791199 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • ruby >= 1.8.7.p357-0.9.9.1
  • ruby-devel >= 1.8.7.p357-0.9.9.1
  • ruby-doc-html >= 1.8.7.p357-0.9.9.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.9.1
  • ruby-examples >= 1.8.7.p357-0.9.9.1
  • ruby-test-suite >= 1.8.7.p357-0.9.9.1
  • ruby-tk >= 1.8.7.p357-0.9.9.1
 Patchnames:
sdksp2-ruby
sledsp2-ruby
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server for SAP Applications 11 SP2
  • ruby >= 1.8.7.p357-0.9.9.1
  • ruby-devel >= 1.8.7.p357-0.9.9.1
  • ruby-doc-html >= 1.8.7.p357-0.9.9.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.9.1
  • ruby-examples >= 1.8.7.p357-0.9.9.1
  • ruby-test-suite >= 1.8.7.p357-0.9.9.1
  • ruby-tk >= 1.8.7.p357-0.9.9.1
 Patchnames:
sdksp2-ruby
slessp2-ruby
SUSE Linux Enterprise Software Development Kit 11 SP2
  • ruby-devel >= 1.8.7.p357-0.9.9.1
  • ruby-doc-html >= 1.8.7.p357-0.9.9.1
  • ruby-doc-ri >= 1.8.7.p357-0.9.9.1
  • ruby-examples >= 1.8.7.p357-0.9.9.1
  • ruby-test-suite >= 1.8.7.p357-0.9.9.1
  • ruby-tk >= 1.8.7.p357-0.9.9.1
 Patchnames:
sdksp2-ruby

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 08:57:50 2013
CVE page last modified: Mon Oct 6 18:18:15 2025