Detections
Analytics
Alpine: multiple ruby packages: security update to 2.2.3-r1 (deprecated)
high Tenable Self-Hosted Container Security Plugin ID 401072
Description
There are packages installed that are affected by a vulnerability referenced in the following CVE:- The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and
2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting,
which allows context-dependent attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this
vulnerability exists because of a CVE-2009-5147 regression. (CVE-2015-7551)
See Also
https://git.alpinelinux.org/aports/commit/?id=3afa43694d2bfcb8401e198114b238eab4a133b4
https://git.alpinelinux.org/aports/commit/?id=bcaf2dc7c02360f7075d66726339cba8410f3833
Plugin Details
Severity: High
ID: 401072
Version: Revision 1.24
Type: Local
Published: 8/16/2023
Updated: 6/22/2026
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2015-7551
CVSS v3
Risk Factor: High
Base Score: 8.4
Temporal Score: 7.3
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 12/18/2015
Vulnerability Publication Date: 7/28/2015
Reference Information
CVE: CVE-2015-7551
BID: 76060