CVE-2017-14033

CVSS v3.0 7.5 (High)
CVSS v2.0 5 (Medium)
EPSS 1.83 % (89th)
Affected Products 1
Advisories 15

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Weaknesses
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2017-09-19 17:29:00
(7 years ago)
Updated Date
2018-10-31 10:29:06
(5 years ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Ruby-lang Ruby 2.2.0 cpe:2.3:a:ruby-lang:ruby:2.2.0
  Ruby-lang Ruby 2.2.0 Preview1 cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1
  Ruby-lang Ruby 2.2.0 Preview2 cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2
  Ruby-lang Ruby 2.2.0 Rc1 cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1
  Ruby-lang Ruby 2.2.1 cpe:2.3:a:ruby-lang:ruby:2.2.1
  Ruby-lang Ruby 2.2.2 cpe:2.3:a:ruby-lang:ruby:2.2.2
  Ruby-lang Ruby 2.2.3 cpe:2.3:a:ruby-lang:ruby:2.2.3
  Ruby-lang Ruby 2.2.4 cpe:2.3:a:ruby-lang:ruby:2.2.4
  Ruby-lang Ruby 2.2.5 cpe:2.3:a:ruby-lang:ruby:2.2.5
  Ruby-lang Ruby 2.2.6 cpe:2.3:a:ruby-lang:ruby:2.2.6
  Ruby-lang Ruby 2.2.7 cpe:2.3:a:ruby-lang:ruby:2.2.7
  Ruby-lang Ruby 2.3.0 cpe:2.3:a:ruby-lang:ruby:2.3.0
  Ruby-lang Ruby 2.3.0 Preview1 cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1
  Ruby-lang Ruby 2.3.0 Preview2 cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2
  Ruby-lang Ruby 2.3.1 cpe:2.3:a:ruby-lang:ruby:2.3.1
  Ruby-lang Ruby 2.3.2 cpe:2.3:a:ruby-lang:ruby:2.3.2
  Ruby-lang Ruby 2.3.3 cpe:2.3:a:ruby-lang:ruby:2.3.3
  Ruby-lang Ruby 2.3.4 cpe:2.3:a:ruby-lang:ruby:2.3.4
  Ruby-lang Ruby 2.4.0 cpe:2.3:a:ruby-lang:ruby:2.4.0
  Ruby-lang Ruby 2.4.0 Preview1 cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1
  Ruby-lang Ruby 2.4.0 Preview2 cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2
  Ruby-lang Ruby 2.4.0 Preview3 cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3
  Ruby-lang Ruby 2.4.0 Rc1 cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1
  Ruby-lang Ruby 2.4.1 cpe:2.3:a:ruby-lang:ruby:2.4.1