{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"}, {"name": "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2015/q3/222"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"}, {"name": "RHSA-2018:0583", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"}, {"name": "76060", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76060"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5147", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", "refsource": "CONFIRM", "url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"}, {"name": "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2015/q3/222"}, {"name": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", "refsource": "CONFIRM", "url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"}, {"name": "RHSA-2018:0583", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"}, {"name": "76060", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76060"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:32:23.332Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"}, {"name": "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2015/q3/222"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"}, {"name": "RHSA-2018:0583", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"}, {"name": "76060", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76060"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5147", "datePublished": "2017-03-29T14:00:00", "dateReserved": "2015-07-28T00:00:00", "dateUpdated": "2024-08-07T07:32:23.332Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "52179EC7-CAF0-42AA-A21A-7105E10CA122", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5178D04D-1C29-4353-8987-559AA07443EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0535DC9-EB0E-4745-80AC-4A020DF26E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", "matchCriteriaId": "1C663278-3B2A-4B7C-959A-2AA804467F21", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", "matchCriteriaId": "B7927149-A76A-48BC-8405-7375FC7D7486", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*", "matchCriteriaId": "3D627638-64AA-455B-9FEA-093D3773B9FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*", "matchCriteriaId": "19CF27FB-DCF5-4533-B309-55615AE21A63", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*", "matchCriteriaId": "B9865DD1-F2AF-40B6-848A-EA9FD37034DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*", "matchCriteriaId": "C10BD21E-B9FA-4B57-B617-0108A00D6132", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*", "matchCriteriaId": "3D5ABD47-64AC-4844-B78B-F0D3BC3B8F49", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*", "matchCriteriaId": "4EF7FDAD-9CAF-452D-B229-EF7C390DE712", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p645:*:*:*:*:*:*", "matchCriteriaId": "942C4584-11B4-4E6E-BD42-6F4573E55412", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p647:*:*:*:*:*:*", "matchCriteriaId": "49AB6D01-7AFE-4482-A6B4-C085A100A9A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "85A846FF-DD34-4DD6-BD61-09124C145E97", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DF046E4-503B-4A10-BEAB-3144BD86EA49", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FCA45F1-3038-413A-B8C3-EE366A4E6248", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "6AE2B154-8126-4A38-BAB6-915207764FC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "808FA8BE-71FC-4ADD-BDEA-637E8DF4E899", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "523417A8-F62B-48AF-B60B-CE9A200D4A9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "FAB1E0F8-F9B0-40E9-892E-C62729525CE5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names."}, {"lang": "es", "value": "DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librer\u00edas con nombres contaminados."}], "id": "CVE-2009-5147", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-29T14:59:00.187", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/oss-sec/2015/q3/222"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/76060"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/oss-sec/2015/q3/222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/76060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:0583", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-ruby22-ruby-0:2.2.9-19.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2018-03-26T00:00:00Z"}, {"advisory": "RHSA-2018:0583", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-ruby22-ruby-0:2.2.9-19.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2018-03-26T00:00:00Z"}, {"advisory": "RHSA-2018:0583", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-ruby22-ruby-0:2.2.9-19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2018-03-26T00:00:00Z"}, {"advisory": "RHSA-2018:0583", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-ruby22-ruby-0:2.2.9-19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date": "2018-03-26T00:00:00Z"}, {"advisory": "RHSA-2018:0583", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-ruby22-ruby-0:2.2.9-19.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2018-03-26T00:00:00Z"}], "bugzilla": {"description": "ruby: DL:: dlopen could open a library with tainted library name", "id": "1248935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-267", "details": ["DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names."], "name": "CVE-2009-5147", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "ruby193-ruby", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-ruby22-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "ruby193-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "ruby200-ruby", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "ruby193-ruby", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2009-05-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-5147\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-5147"], "statement": "Red Hat Product Security has rated this issue as having Low security\nimpact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}