CVE-2017-14064
CVSS v3.0: 9.8 (Critical)
CVSS v2.0: 7.5 (High)
EPSS: 0.60 % (79th)
Affected Products: 9
Advisories: 14
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
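The length mismatch described above, shown as an added C illustration that is not the code from generator.c: `gen_state`, `space`, `owned` and the function names are hypothetical, and only `strdup` and `space_len` come from the description. It records how many bytes each copy really owns rather than performing the out-of-bounds read.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the generator state; only space_len is named in the advisory. */
typedef struct {
    char  *space;      /* copy of the caller-supplied string */
    size_t space_len;  /* length the generator later trusts when appending */
    size_t owned;      /* bytes really allocated behind space (demo bookkeeping) */
} gen_state;

/* Pattern from the advisory: strdup() stops copying at the first '\0'. */
static int set_space_strdup(gen_state *st, const char *src, size_t len) {
    if (!(st->space = strdup(src))) return -1;
    st->owned = strlen(st->space) + 1;
    st->space_len = len;               /* caller's length, not the copied length */
    return 0;
}

/* Length-aware copy: allocate and copy exactly len bytes, then terminate. */
static int set_space_lencopy(gen_state *st, const char *src, size_t len) {
    if (!(st->space = malloc(len + 1))) return -1;
    memcpy(st->space, src, len);
    st->space[len] = '\0';
    st->owned = len + 1;
    st->space_len = len;
    return 0;
}

/* Bytes a consumer would read past the allocation when it appends space_len bytes. */
static size_t bytes_out_of_bounds(const gen_state *st) {
    return st->space_len > st->owned ? st->space_len - st->owned : 0;
}

int main(void) {
    /* Constructed input: 16 bytes whose first byte is '\0'. */
    static const char input[16] = "\0padding-bytes!";
    gen_state a, b;
    if (set_space_strdup(&a, input, sizeof input) ||
        set_space_lencopy(&b, input, sizeof input)) return 1;
    printf("strdup:      owned=%zu space_len=%zu oob=%zu\n",
           a.owned, a.space_len, bytes_out_of_bounds(&a));
    printf("length copy: owned=%zu space_len=%zu oob=%zu\n",
           b.owned, b.space_len, bytes_out_of_bounds(&b));
    free(a.space); free(b.space);
    return 0;
}
```

With the `strdup` copy the buffer owns one byte while `space_len` still says 16, so any later append of `space_len` bytes reads adjacent heap memory; the length-aware copy keeps the two values consistent.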
Weaknesses
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

- CVE Status: PUBLISHED
- CNA: MITRE
- Published Date: 2017-08-31 17:29:00 (7 years ago)
- Updated Date: 2019-05-13 18:48:46 (5 years ago)