CVE-2018-1000201

Опубликовано: 22 июн. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.

Ссылки

https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a
Patch
Third Party Advisory
https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c
Patch
Third Party Advisory
https://github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945a
Patch
Third Party Advisory
https://github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05c
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:ruby-ffi_project:ruby-ffi:*:*:*:*:*:*:*:*

Версия до 1.9.23 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

CVE-2018-1000201

CVSS3: 7.8

ubuntu

больше 7 лет назад

CVE-2018-1000201

CVSS3: 7.8

debian

больше 7 лет назад

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can ...

GHSA-2gw2-8q9w-cw8p

CVSS3: 7.8

github

больше 7 лет назад

Ruby-ffi has a DLL loading issue

EPSS

Процентиль: 47%

0.00237

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-426