Description
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.9.3.484-2ubuntu1.5]] |
| precise/esm | DNE | |
| trusty | released | 1.9.3.484-2ubuntu1.5 |
| trusty/esm | DNE | trusty was released [1.9.3.484-2ubuntu1.5] |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.10]] |
| precise/esm | DNE | |
| trusty | released | 2.0.0.484-1ubuntu2.10 |
| trusty/esm | DNE | trusty was released [2.0.0.484-1ubuntu2.10] |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | released | 2.3.3-1ubuntu1.6 |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | released | 2.3.1-2~16.04.10 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 2.3.5 |
| vivid/ubuntu-core | DNE | |

Source links
EPSS
CVSS2: 6.4 Medium
CVSS3: 9.1 Critical