CVE-2017-0898

Summary

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

Impact & exploitability

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://www.securityfocus.com/bid/100862Advisory
• http://www.securitytracker.com/id/1039363Advisory
• https://access.redhat.com/errata/RHSA-2017:3485
• https://access.redhat.com/errata/RHSA-2018:0378
• https://access.redhat.com/errata/RHSA-2018:0583
• https://access.redhat.com/errata/RHSA-2018:0585
• https://github.com/mruby/mruby/issues/3722Advisory
• https://hackerone.com/reports/212241Advisory