CVE-2018-16396

CVSS v3.0 8.1 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.94 % (83^th)

Affected Products 4

Advisories 15

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-11-16 18:29:01
(5 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

Configuration #1

	CPE23	From	Up To
Ruby-lang Ruby from 2.3.0 version and 2.3.7 and prior versions	cpe:2.3:a:ruby-lang:ruby	>= 2.3.0	<= 2.3.7
Ruby-lang Ruby from 2.4.0 version and 2.4.4 and prior versions	cpe:2.3:a:ruby-lang:ruby	>= 2.4.0	<= 2.4.4
Ruby-lang Ruby from 2.5.0 version and 2.5.1 and prior versions	cpe:2.3:a:ruby-lang:ruby	>= 2.5.0	<= 2.5.1
Ruby-lang Ruby 2.6.0 Preview1	cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
Ruby-lang Ruby 2.6.0 Preview2	cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10

Configuration #3

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #4

		CPE23	From	Up To
	Redhat Enterprise Linux 6.0	cpe:2.3:o:redhat:enterprise_linux:6.0
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux 7.4	cpe:2.3:o:redhat:enterprise_linux:7.4
	Redhat Enterprise Linux 7.5	cpe:2.3:o:redhat:enterprise_linux:7.5
	Redhat Enterprise Linux 7.6	cpe:2.3:o:redhat:enterprise_linux:7.6

Weaknesses

Affected Products

Canonical

Debian

Redhat

Ruby-lang

Configuration #1

Configuration #2

Configuration #3

Configuration #4