CVE-2017-0898 Information

Description

Ruby before 2.4.2 2.3.5 and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun resulting in a heap memory corruption or an information disclosure from the heap.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Reference

http://www.securityfocus.com/bid/100862 http://www.securitytracker.com/id/1039363 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/mruby/mruby/issues/3722 https://hackerone.com/reports/212241 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://security.gentoo.org/glsa/201710-18 https://usn.ubuntu.com/3685-1/ https://www.debian.org/security/2017/dsa-4031 https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

9.1