Description
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [ruby 2.4+ only]] |
| precise/esm | DNE | |
| trusty | not-affected | ruby 2.4+ only |
| trusty/esm | DNE | trusty was not-affected [ruby 2.4+ only] |
| upstream | not-affected | ruby 2.4+ only |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| yakkety | DNE | |
| zesty | DNE | |
| Release | Status | Note |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [ruby 2.4+ only]] |
| precise/esm | DNE | |
| trusty | not-affected | ruby 2.4+ only |
| trusty/esm | DNE | trusty was not-affected [ruby 2.4+ only] |
| upstream | not-affected | ruby 2.4+ only |
| vivid/ubuntu-core | DNE | |
| xenial | DNE | |
| yakkety | DNE | |
| zesty | DNE | |
| Release | Status | Note |
|---|---|---|
| devel | not-affected | ruby 2.4+ only |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | ruby 2.4+ only |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | ruby 2.4+ only |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected | ruby 2.4+ only |
| yakkety | not-affected | ruby 2.4+ only |
EPSS
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows a ...
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
A vulnerability in the parser_yyerror function of the UTF-8 parser in the Ruby interpreter that allows an attacker to cause a denial of service or have other impact