Description

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Remediation

References

CVE-2017-14033

Related Vulnerabilities

WordPress Plugin WP BASE Booking of Appointments, Services and Events PHP Object Injection (3.5.0)

WordPress Plugin WP Smart Security PHP Object Injection (1.0)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3438)

WordPress Plugin Game Server Status Multiple Vulnerabilities (1.0)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3809)

Severity

High

Classification

CVE-2017-14033 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities