CVE-2019-16892: Rubyzip denial of service
CVSS Score: 5.5 (CVSS 3.1)

Basic Information
CVE ID: CVE-2019-16892
GHSA ID: (not listed on this page)
EPSS Score: 0.46412%
CWE: (not listed on this page)
Published: 9/30/2019
Updated: 11/17/2023
KEV Status: No
Technology: Ruby

Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| rubyzip | rubygems | < 1.3.0 | 1.3.0 |
Vulnerability Intelligence (source: Miggo AI)
Root Cause Analysis
The vulnerability stems from missing validation during ZIP entry extraction. Pre-patch versions of rubyzip did not check, in the extraction flow (the create_file and extract methods), that the number of bytes actually written for an entry matched the uncompressed size recorded in the entry header, so extraction trusted a header value that an attacker can forge. The GitHub patch adds size tracking and validation in create_file and introduces the validate_entry_sizes flag that enables the check. The test case in file_extract_test.rb demonstrates that, without the check, extraction could write more data than the forged size field indicated.
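As an added illustration of the kind of check the patch introduces (this is example code, not rubyzip's own), the following Ruby inflates a raw-deflate stream while counting the bytes it produces and aborts as soon as the count exceeds the uncompressed size the header declared. The function names and the sample stream are constructed for this example.

```ruby
require 'zlib'
require 'stringio'

# Raised when an entry inflates to more bytes than its header declared.
class EntrySizeMismatch < StandardError; end

# Inflate a raw-deflate stream (the compression ZIP entries use) into +out+,
# counting bytes as they are produced and aborting as soon as the count
# exceeds +declared_size+, the uncompressed size claimed by the ZIP header.
# Returns the number of bytes written. Illustrative code, not rubyzip's.
def extract_with_size_check(compressed, declared_size, out, chunk_size: 1024)
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS) # negative wbits = raw deflate
  input = StringIO.new(compressed)
  written = 0
  until input.eof?
    data = inflater.inflate(input.read(chunk_size))
    written += data.bytesize
    # The header value is attacker-controlled, so the running byte count,
    # not the header, decides whether extraction may continue.
    if written > declared_size
      raise EntrySizeMismatch,
            "entry inflated to #{written} bytes but header declared #{declared_size}"
    end
    out.write(data)
  end
  raise Zlib::DataError, 'truncated deflate stream' unless inflater.finished?
  written
ensure
  inflater&.close
end

# Constructed sample: raw-deflate +payload+ as a ZIP writer would and return
# it together with its true uncompressed size.
def build_sample(payload)
  deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  compressed = deflater.deflate(payload, Zlib::FINISH)
  deflater.close
  [compressed, payload.bytesize]
end

# True if the entry extracts without exceeding +declared_size+.
def entry_size_ok?(compressed, declared_size)
  extract_with_size_check(compressed, declared_size, StringIO.new)
  true
rescue EntrySizeMismatch
  false
end
```

With an honest header the sample extracts in full; with a header that declares a smaller size the extraction stops at the first chunk that overshoots it, which is the behaviour the validate_entry_sizes check was added to provide.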