vulnerability context

CVE-2016-2338

CVSS 9.8 CRITICALEPSS 91%CWE-787

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.

Published 2022-09-29 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.8 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 91% percentile (score 0.0464)
CWE: CWE-787
OTX pulses: 0 total, 0 recent

View on NVD → · cve.org

source mentions 1

[CyberHub] 📌 CVE-2016-2338 - An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of...Bluesky:@cyberhub.blog · 1h ago

source consensus

Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2016-2338, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →