Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-8778

Опубликовано: 03 апр. 2018
Источник: debian
EPSS Низкий

Описание

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby2.5fixed2.5.1-1package
ruby2.3removedpackage
ruby2.1removedpackage
ruby1.9.1removedpackage
ruby1.8removedpackage

Примечания

  • https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/

  • https://hackerone.com/reports/298246

  • Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80

  • Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)

EPSS

Процентиль: 67%
0.00537
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-8778

CVSS3: 7.5
ubuntu
почти 8 лет назад

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

redhat логотип

CVE-2018-8778

CVSS3: 4.8
redhat
почти 8 лет назад

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

nvd логотип

CVE-2018-8778

CVSS3: 7.5
nvd
почти 8 лет назад

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

github логотип

GHSA-wvhq-ch4h-8pwr

CVSS3: 7.5
github
больше 3 лет назад

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.

fstec логотип

BDU:2019-04472

CVSS3: 7.5
fstec
почти 8 лет назад

Уязвимость метода String#unpack интерпретатора языка программирования Ruby, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 67%
0.00537
Низкий