CVE-2017-14033

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Ссылки

http://www.securityfocus.com/bid/100868
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039363
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042004
https://access.redhat.com/errata/RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0585
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://security.gentoo.org/glsa/201710-18
https://www.debian.org/security/2017/dsa-4031
https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
Mitigation
Vendor Advisory
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/
Patch
Release Notes
Vendor Advisory
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/
Patch
Release Notes
Vendor Advisory
http://www.securityfocus.com/bid/100868
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039363
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042004
https://access.redhat.com/errata/RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0585
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://security.gentoo.org/glsa/201710-18

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10256

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-14033

CVSS3: 7.5

ubuntu

около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

CVE-2017-14033

CVSS3: 5.3

redhat

около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

CVE-2017-14033

CVSS3: 7.5

debian

около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2. ...

GHSA-v6rp-3r3v-hf4p

CVSS3: 7.5

github

больше 3 лет назад

Ruby OpenSSL DoS Vulnerability

ELSA-2018-0378

oracle-oval

больше 7 лет назад

ELSA-2018-0378: ruby security update (IMPORTANT)

EPSS

Процентиль: 93%

0.10256

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119