Unrated severityNVD Advisory· Published Dec 11, 2009· Updated Apr 23, 2026
CVE-2009-4124
CVE-2009-4124
Description
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
Affected products
7cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/nvdPatchVendor Advisory
- secunia.com/advisories/37660nvdVendor Advisory
- www.vupen.com/english/advisories/2009/3471nvdVendor Advisory
- www.osvdb.org/60880nvd
- www.securityfocus.com/bid/37278nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/54674nvd
News mentions
0No linked articles in our index yet.