Description

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

Remediation

References

CVE-2017-0898

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-40315)

WordPress Plugin Podlove Podcast Publisher Cross-Site Scripting (3.8.2)

OpenSSL Resource Management Errors Vulnerability (CVE-2016-6304)

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1169)

Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458)

Severity

Critical

Classification

CVE-2017-0898 CWE-134 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities