Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-0898

Опубликовано: 15 сент. 2017
Источник: nvd
CVSS3: 9.1
CVSS2: 6.4
EPSS Низкий

Описание

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 74%
0.00846
Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-134
CWE-134

Связанные уязвимости

ubuntu логотип

CVE-2017-0898

CVSS3: 9.1
ubuntu
около 8 лет назад

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

redhat логотип

CVE-2017-0898

CVSS3: 6.5
redhat
около 8 лет назад

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

debian логотип

CVE-2017-0898

CVSS3: 9.1
debian
около 8 лет назад

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious forma ...

github логотип

GHSA-wvmx-3rv2-5jgf

CVSS3: 9.1
github
больше 3 лет назад

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

oracle-oval логотип

ELSA-2018-0378

oracle-oval
больше 7 лет назад

ELSA-2018-0378: ruby security update (IMPORTANT)

EPSS

Процентиль: 74%
0.00846
Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-134
CWE-134