Unrated severity · NVD Advisory · Published Apr 25, 2013 · Updated Jun 16, 2026
CVE-2012-4464
Description
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
Affected products
- cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
References
- www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/ (nvd, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html (nvd)
- svn.ruby-lang.org/cgi-bin/viewvc.cgi (nvd)
- www.openwall.com/lists/oss-security/2012/10/02/4 (nvd)
- www.openwall.com/lists/oss-security/2012/10/03/9 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)