VYPR
Critical severity 9.8 · NVD Advisory · Published Jan 6, 2017 · Updated Jun 17, 2026

CVE-2016-2337

Description

A type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker who passes an object of a type other than String as the "retval" argument can cause arbitrary code execution.

Affected products

5
  • Ruby Lang/Ruby (3 versions)
    • cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*
    • (no CPE) range: 2.3.0 dev
  • Tcl Tk/Tcl/tk (cpe-rescue)
    Range: 8.6 or later
