VYPR
Unrated severityNVD Advisory· Published Apr 25, 2013· Updated Jun 16, 2026

CVE-2012-4464

CVE-2012-4464

Description

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Ruby Lang/Ruby11 versions
    cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
  • Range: 1.9.3 < patchlevel 286; 2.0 < revision r37068

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.