CVE-2017-0898
CVSS v3.0: 9.1 (Critical)
CVSS v2.0: 6.4 (Medium)
EPSS: 1.26 % (86th)
Affected Products: 1
Advisories: 14
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in heap memory corruption or an information disclosure from the heap.
Weaknesses
- CWE-134: Use of Externally-Controlled Format String

- CVE Status: PUBLISHED
- CNA: HackerOne
- Published Date: 2017-09-15 19:29:00 (7 years ago)
- Updated Date: 2018-07-15 01:29:01 (6 years ago)