Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-14033

Опубликовано: 14 сент. 2017
Источник: redhat
CVSS3: 5.3
EPSS Средний

Описание

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.

Отчет

This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of rh-ruby24-ruby. This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5rh-ruby22-rubyNot affected
CloudForms Management Engine 5ruby-200-rubyNot affected
Red Hat Enterprise Linux 5rubyNot affected
Red Hat Enterprise Linux 6rubyNot affected
Red Hat Software Collectionsrh-ruby24-rubyNot affected
Red Hat Subscription Asset Managerruby193-rubyWill not fix
Red Hat Enterprise Linux 7rubyFixedRHSA-2018:037828.02.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-ruby22-rubyFixedRHSA-2018:058326.03.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-ruby23-rubyFixedRHSA-2018:058526.03.2018
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-ruby22-rubyFixedRHSA-2018:058326.03.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1491866ruby: Buffer underrun in OpenSSL ASN1 decode

EPSS

Процентиль: 93%
0.10256
Средний

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-14033

CVSS3: 7.5
ubuntu
около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

nvd логотип

CVE-2017-14033

CVSS3: 7.5
nvd
около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

debian логотип

CVE-2017-14033

CVSS3: 7.5
debian
около 8 лет назад

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2. ...

github логотип

GHSA-v6rp-3r3v-hf4p

CVSS3: 7.5
github
больше 3 лет назад

Ruby OpenSSL DoS Vulnerability

oracle-oval логотип

ELSA-2018-0378

oracle-oval
больше 7 лет назад

ELSA-2018-0378: ruby security update (IMPORTANT)

EPSS

Процентиль: 93%
0.10256
Средний

5.3 Medium

CVSS3