Description

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

Remediation

References

CVE-2017-0898

Related Vulnerabilities

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-5954)

Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789)

WordPress Plugin NextCellent Gallery-NextGEN Legacy Cross-Site Scripting (1.9.27)

Drupal Core 8.x.x Arbitrary File Overwrite (8.0.0 - 8.7.14)

WordPress Plugin LazyEater Multiple Unspecified Vulnerabilities (1.2.4)

Severity

Critical

Classification

CVE-2017-0898 CWE-134 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities