Описание
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | released | 1.8.7.352-2ubuntu1.4 |
| quantal | released | 1.8.7.358-4ubuntu0.4 |
| raring | released | 1.8.7.358-7ubuntu1.2 |
| saucy | released | 1.8.7.358-7ubuntu2.1 |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.9.3.448-1ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.9.3.448-1ubuntu2]] |
| lucid | ignored | end of life |
| precise | released | 1.9.3.0-1ubuntu2.8 |
| quantal | released | 1.9.3.194-1ubuntu1.6 |
| raring | released | 1.9.3.194-8.1ubuntu1.2 |
| saucy | released | 1.9.3.194-8.1ubuntu2.1 |
| trusty | released | 1.9.3.448-1ubuntu2 |
| trusty/esm | DNE | trusty was released [1.9.3.448-1ubuntu2] |
| upstream | released | 1.9.3.484 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.0.0.343-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.0.0.343-1ubuntu1]] |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | ignored | end of life |
| trusty | released | 2.0.0.343-1ubuntu1 |
| trusty/esm | DNE | trusty was released [2.0.0.343-1ubuntu1] |
| upstream | released | 2.0.0.353 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 bef ...
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
EPSS
6.8 Medium
CVSS2