7.5

CVE-2017-14033

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Data is provided by the National Vulnerability Database (NVD)
Ruby-langRuby Version2.2.0
Ruby-langRuby Version2.2.0 Updatepreview1
Ruby-langRuby Version2.2.0 Updatepreview2
Ruby-langRuby Version2.2.0 Updaterc1
Ruby-langRuby Version2.2.1
Ruby-langRuby Version2.2.2
Ruby-langRuby Version2.2.3
Ruby-langRuby Version2.2.4
Ruby-langRuby Version2.2.5
Ruby-langRuby Version2.2.6
Ruby-langRuby Version2.2.7
Ruby-langRuby Version2.3.0
Ruby-langRuby Version2.3.0 Updatepreview1
Ruby-langRuby Version2.3.0 Updatepreview2
Ruby-langRuby Version2.3.1
Ruby-langRuby Version2.3.2
Ruby-langRuby Version2.3.3
Ruby-langRuby Version2.3.4
Ruby-langRuby Version2.4.0
Ruby-langRuby Version2.4.0 Updatepreview1
Ruby-langRuby Version2.4.0 Updatepreview2
Ruby-langRuby Version2.4.0 Updatepreview3
Ruby-langRuby Version2.4.0 Updaterc1
Ruby-langRuby Version2.4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 10.26% 0.929
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1039363
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100868
Third Party Advisory
VDB Entry