9.8

CVE-2017-14064

Exploit
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Version <= 2.2.7
Ruby-langRuby Version2.3.0
Ruby-langRuby Version2.3.0 Updatepreview1
Ruby-langRuby Version2.3.0 Updatepreview2
Ruby-langRuby Version2.3.1
Ruby-langRuby Version2.3.2
Ruby-langRuby Version2.3.3
Ruby-langRuby Version2.3.4
Ruby-langRuby Version2.4.0
Ruby-langRuby Version2.4.0 Updatepreview1
Ruby-langRuby Version2.4.0 Updatepreview2
Ruby-langRuby Version2.4.0 Updatepreview3
Ruby-langRuby Version2.4.0 Updaterc1
Ruby-langRuby Version2.4.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.45% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://access.redhat.com/errata/RHSA-2018:0583
Third Party Advisory
https://security.gentoo.org/glsa/201710-18
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2017/dsa-3966
Third Party Advisory
http://www.securityfocus.com/bid/100890
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039363
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1042004
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3485
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0378
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0585
Third Party Advisory
https://bugs.ruby-lang.org/issues/13853
Patch
Vendor Advisory
Issue Tracking
https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
Patch
Third Party Advisory
Issue Tracking
https://hackerone.com/reports/209949
Third Party Advisory
Exploit
https://usn.ubuntu.com/3685-1/
Third Party Advisory
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/
Vendor Advisory
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/
Vendor Advisory