CVE-2017-14033

Опубликовано: 19 сент. 2017

Источник: debian

EPSS Средний

Описание

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Пакеты

Пакет	Статус	Версия исправления	Тип
ruby2.3	fixed	2.3.5-1	package
ruby2.1	removed		package
ruby1.9.1	removed		package
ruby1.8	not-affected		package

Примечания

https://bugzilla.suse.com/show_bug.cgi?id=1058757
https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b

EPSS

Процентиль: 93%

0.10256

Средний

Связанные уязвимости

CVE-2017-14033

CVSS3: 7.5

ubuntu

около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

CVE-2017-14033

CVSS3: 5.3

redhat

около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

CVE-2017-14033

CVSS3: 7.5

nvd

около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

GHSA-v6rp-3r3v-hf4p

CVSS3: 7.5

github

больше 3 лет назад

Ruby OpenSSL DoS Vulnerability

ELSA-2018-0378

oracle-oval

больше 7 лет назад

ELSA-2018-0378: ruby security update (IMPORTANT)

EPSS

Процентиль: 93%

0.10256

Средний