VYPR
Unrated severityNVD Advisory· Published Dec 11, 2009· Updated Jun 16, 2026

CVE-2009-4124

CVE-2009-4124

Description

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • Ruby Lang/Ruby7 versions
    cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*
  • Range: <1.9.1-p376

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.