Vulnerability Details : CVE-2013-0162
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Products affected by CVE-2013-0162
- cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0162
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2013-0162
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0162
-
https://bugzilla.redhat.com/show_bug.cgi?id=892806
892806 – (CVE-2013-0162) CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usagePatch
-
http://rhn.redhat.com/errata/RHSA-2013-0544.html
RHSA-2013:0544 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-0548.html
Red Hat Customer Portal
Jump to