Low severity · NVD Advisory · Published Mar 1, 2013 · Updated Apr 29, 2026
CVE-2013-0162
Description
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
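A hardened form of the affected function, added here as an example and not ruby_parser's own code (the gem's actual fix is the commit shown under Patches). It assumes Ruby 2.1 or later for `Tempfile.create`, and the helper names `diff_pp`, `tempfile_private?` and `excl_create_refuses_existing?` are this example's own. It goes a little beyond the single fix on the page: besides replacing the predictable `/tmp/a.<pid>` names it flushes the buffered output before `diff` reads the files, passes the paths as argv rather than through a shell, and adds two regression checks for the properties the mitigation depends on (owner-only mode and exclusive create).

```ruby
# Added example, not ruby_parser's own code: a hardened replacement for the
# diff_pp pattern behind CVE-2013-0162. Instead of hand-built /tmp/a.<pid>
# names it uses Tempfile.create (Ruby 2.1+), which picks an unpredictable name,
# opens it with O_EXCL (an entry already sitting at that name is refused, not
# followed) and mode 0600, and unlinks it when the block ends.
require 'tempfile'
require 'pp'
require 'open3'

# Unified diff of the pretty-printed forms of o1 and o2, as a String.
# Empty string when they print identically.
def diff_pp(o1, o2)
  Tempfile.create('ruby_parser_a') do |file_a|
    PP.pp(o1, file_a)
    file_a.flush # PP writes through Ruby's IO buffer; diff reads the on-disk file
    Tempfile.create('ruby_parser_b') do |file_b|
      PP.pp(o2, file_b)
      file_b.flush
      # argv form: no shell parses the paths, so nothing in them is reinterpreted
      out, _status = Open3.capture2('diff', '-u', file_a.path, file_b.path)
      out
    end
  end
end

# Mitigation property 1: the temp file is private to its owner
# (no group/other permission bits).
def tempfile_private?
  Tempfile.create('ruby_parser_chk') do |f|
    (File.stat(f.path).mode & 0o077).zero?
  end
end

# Mitigation property 2: the O_CREAT|O_EXCL open that Tempfile.create relies on
# fails with EEXIST when something already occupies the chosen name, instead of
# opening (or following) it. Exercised with a constructed placeholder file.
def excl_create_refuses_existing?(dir = Dir.tmpdir)
  path = File.join(dir, "ruby_parser_excl_check.#{Process.pid}")
  File.write(path, '') # constructed: an entry already occupies the name
  begin
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write('x') }
    false
  rescue Errno::EEXIST
    true
  ensure
    File.delete(path) if File.exist?(path)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts diff_pp([1, 2, 3], [1, 2, 4])
  puts "private temp file: #{tempfile_private?}"
  puts "O_EXCL refuses existing entry: #{excl_create_refuses_existing?}"
end
```

`Tempfile.create` is preferred over `Tempfile.new` here because the latter does not run a block at all, and over the block form of `Tempfile.open` because `create` unlinks the file when the block returns instead of leaving removal to a finalizer.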
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ruby_parser (RubyGems) | >= 2.0.2, < 3.1.2 | 3.1.2 |
Affected products
- cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:* (range: <= 3.1.1)
- cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a10:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a5:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a6:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a7:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a8:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a9:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ryan_davis:ruby_parser:3.1.0:*:*:*:*:*:*:*
Patches
506c7e13cff6 + OMG A SECURITY ISSUE FOR CODE NOBODY USES... EVER
1 file changed · +7 −10
lib/gauntlet_rubyparser.rb+7 −10 modified@@ -35,18 +35,15 @@ def should_skip? name def diff_pp o1, o2 require 'pp' - File.open("/tmp/a.#{$$}", "w") do |f| - PP.pp o1, f - end + Tempfile.new('ruby_parser_a') do |file_a| + PP.pp o1, file_a - File.open("/tmp/b.#{$$}", "w") do |f| - PP.pp o2, f - end + Tempfile.new('ruby_parser_b') do |file_b| + PP.pp o2, file_b - `diff -u /tmp/a.#{$$} /tmp/b.#{$$}` - ensure - File.unlink "/tmp/a.#{$$}" rescue nil - File.unlink "/tmp/b.#{$$}" rescue nil + `diff -u #{file_a.path} #{file_b.path}` + end + end end def broke name, file, msg
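Review bot: the replacement `Tempfile.new('ruby_parser_a') do |file_a|` (and the `ruby_parser_b` twin) never executes its block: `Tempfile.new` ignores a block (recent Rubies warn "Tempfile.new doesn't call the given block"), so after this change diff_pp returns a Tempfile object instead of the diff text and the pretty-printed content is never written. Use the block form of `Tempfile.open` (or `Tempfile.create` on Ruby 2.1+), add `require 'tempfile'` since nothing in this file loads it, and call `file_a.flush` / `file_b.flush` before the backtick `diff -u #{file_a.path} #{file_b.path}` so the buffered PP output reaches the file that diff reads. Moving away from `/tmp/a.#{$$}` does remove the predictable name, and dropping the `ensure ... File.unlink ... rescue nil` pair in favour of block scoping is right once the block form actually runs.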
c35acd878d50 Added gauntlet plugin.
2 files changed · +121 −0
lib/gauntlet_rubyparser.rb+120 −0 added@@ -0,0 +1,120 @@ +#!/usr/bin/ruby -ws + +$f ||= false + +$:.unshift "../../ruby_parser/dev/lib" +$:.unshift "../../ruby2ruby/dev/lib" + +require 'rubygems' +require 'ruby2ruby' +require 'ruby_parser' + +require 'gauntlet' + +class RubyParserGauntlet < Gauntlet + def initialize + super + + self.data = Hash.new { |h,k| h[k] = {} } + old_data = load_yaml data_file + self.data.merge! old_data + end + + def should_skip? name + if $f then + if Hash === data[name] then + ! data[name].empty? + else + data[name] + end + else + data[name] == true # yes, == true on purpose + end + end + + def diff_pp o1, o2 + require 'pp' + + File.open("/tmp/a.#{$$}", "w") do |f| + PP.pp o1, f + end + + File.open("/tmp/b.#{$$}", "w") do |f| + PP.pp o2, f + end + + `diff -u /tmp/a.#{$$} /tmp/b.#{$$}` + ensure + File.unlink "/tmp/a.#{$$}" rescue nil + File.unlink "/tmp/b.#{$$}" rescue nil + end + + def broke name, file, msg + warn "bad" + self.data[name][file] = msg + self.dirty = true + end + + def process path, name + begin + $stderr.print " #{path}: " + rp = RubyParser.new + r2r = Ruby2Ruby.new + + old_ruby = File.read(path) + + begin + old_sexp = rp.process old_ruby + rescue Racc::ParseError => e + self.data[name][path] = :unparsable + self.dirty = true + return + end + + new_ruby = r2r.process old_sexp.deep_clone + + begin + new_sexp = rp.process new_ruby + rescue Racc::ParseError => e + broke name, path, "couldn't parse new_ruby: #{e.message.strip}" + return + end + + if old_sexp != new_sexp then + broke name, path, diff_pp(old_sexp, new_sexp) + return + end + + self.data[name][path] = true + self.dirty = true + + warn "good" + rescue Interrupt + puts "User cancelled" + exit 1 + rescue Exception => e + broke name, path, " UNKNOWN ERROR: #{e}: #{e.message.strip}" + end + end + + def run name + warn name + Dir["**/*.rb"].sort.each do |path| + next if path =~ /gemspec.rb/ # HACK + next if data[name][path] == true + process path, name + end + + if 
self.data[name].values.all? { |v| v == true } then + warn " ALL GOOD!" + self.data[name] = true + self.dirty = true + end + end +end + +filter = ARGV.shift +filter = Regexp.new filter if filter + +gauntlet = RubyParserGauntlet.new +gauntlet.run_the_gauntlet filter
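Review bot: in `diff_pp`, `File.open("/tmp/a.#{$$}", "w")` and its `/tmp/b.#{$$}` twin build a name from nothing but the PID in a world-writable directory and open it with a plain write mode, which follows whatever already sits at that path; another local user who places a symlink there first gets the pretty-printed output written through it, which is exactly the CVE-2013-0162 finding. Use `Tempfile` (unpredictable name, created with O_EXCL and mode 0600) instead of hand-built /tmp paths, and flush before the backtick `diff -u`; the `ensure` / `File.unlink ... rescue nil` cleanup then becomes the Tempfile's own job. Two smaller points: the backtick interpolates the two paths unquoted, harmless with these fixed names but fragile if the temp dir ever changes, and `rescue Exception => e` in `process` also swallows `SystemExit` and `NoMemoryError`, where `StandardError` is the usual intent.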
Manifest.txt+1 −0 modified@@ -4,6 +4,7 @@ Manifest.txt README.txt Rakefile bin/ruby_parse +lib/gauntlet_rubyparser.rb lib/ruby_lexer.rb lib/ruby_parser.y lib/ruby_parser_extras.rb
References
- bugzilla.redhat.com/show_bug.cgi (nvd: Patch, WEB)
- github.com/advisories/GHSA-8mvw-22r7-w6fq (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2013-0162 (ghsa: ADVISORY)
- rhn.redhat.com/errata/RHSA-2013-0544.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2013-0548.html (nvd: WEB)
- access.redhat.com/errata/RHSA-2013:0544 (ghsa: WEB)
- access.redhat.com/errata/RHSA-2013:0582 (ghsa: WEB)
- access.redhat.com/security/cve/CVE-2013-0162 (ghsa: WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby_parser/CVE-2013-0162.yml (ghsa: WEB)
- github.com/seattlerb/ruby_parser/commit/506c7e13cff6f8715385fa8488b621028b4ad280 (ghsa: WEB)
- github.com/seattlerb/ruby_parser/commit/c35acd878d50a8e4ea35933e3fbdc493421d422c (ghsa: WEB)