CVE-2017-0898
Published 2017-09-15
CVE-2017-0898: Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation…
Priority P351 · critical · 9.1 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS 9.72% (94.9th percentile)
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0 | — | — |
| apple | macos_mojave_10.14.1_security_update_2018-002_high_sierra_security_update_2018-0 | — | — |
| hackerone | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
CVSS provenance
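| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| osv | — | 9.1 | CRITICAL | — |
| vendor_redhat | — | 9.1 | CRITICAL | — |
| vendor_ubuntu | — | 9.1 | CRITICAL | — |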
Ubuntu
Ruby regression
vendor_ubuntu·2021-03-25·CVSS 9.1
CVE-2017-0903 [CRITICAL] Ruby regression
Title: Ruby regression
Summary: USN-3685-1 introduced a regression in Ruby.
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced
a regression in Ruby. This update fixes the problem.
Original advisory details:
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
Apple
CVE-2017-0898: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
vendor_apple·2018-10-30·CVSS 9.1
CVE-2017-0898 [CRITICAL] CVE-2017-0898: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
Apple Security Update: About the security content of macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
Product: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra
CVE: CVE-2017-0898
Component: CVE-2017-0898
Apple
CVE-2017-0898: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
vendor_apple·2018-07-09·CVSS 9.1
CVE-2017-0898 [CRITICAL] CVE-2017-0898: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Product: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
CVE: CVE-2017-0898
Component: CVE-2017-0898
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2018-06-13·CVSS 9.1
CVE-2017-0898 [CRITICAL] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files.
An attacker
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2017-10-05·CVSS 9.1
CVE-2017-0898 [CRITICAL] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It
Red Hat
ruby: Buffer underrun vulnerability in Kernel.sprintf
vendor_redhat·2017-09-14·CVSS 9.1
CVE-2017-0898 [CRITICAL] CWE-122 ruby: Buffer underrun vulnerability in Kernel.sprintf
ruby: Buffer underrun vulnerability in Kernel.sprintf
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
Statement: This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Mod
GHSA
GHSA-wvmx-3rv2-5jgf: Ruby before 2
ghsa_unreviewed·2022-05-14
CVE-2017-0898 [CRITICAL] CWE-134 GHSA-wvmx-3rv2-5jgf: Ruby before 2
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
OSV
ruby2.0 regression
osv·2021-03-25·CVSS 9.1
CVE-2017-0903 [CRITICAL] ruby2.0 regression
ruby2.0 regression
USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced
a regression in Ruby. This update fixes the problem.
Original advisory details:
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls.
OSV
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
osv·2018-06-13·CVSS 9.1
CVE-2017-0898 [CRITICAL] ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
Some of these CVE were already addressed in previous
USN: 3439-1, 3553-1, 3528-1. Here we address for
the remain releases.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun. (CVE-2017-0898)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)
It was discovered that Ruby incorrectly handled certain YAML files.
An attacker could use this to possibly execute arb
OSV
ruby1.9.1 vulnerabilities
osv·2017-10-05·CVSS 9.1
CVE-2017-0898 [CRITICAL] ruby1.9.1 vulnerabilities
ruby1.9.1 vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a buffer overrun.
(CVE-2017-0898)
Yusuke Endoh discovered that Ruby incorrectly handled certain files.
An attacker could use this to execute terminal escape sequences.
(CVE-2017-0899)
Yusuke Endoh discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to cause a denial of service.
(CVE-2017-0900)
It was discovered that Ruby incorrectly handled certain files.
An attacker could use this to overwrite any file on the filesystem.
(CVE-2017-0901)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could use this to execute arbitrary code.
(CVE-2017-10784)
It was discovered that Ruby incorrectly handled certain inp
OSV
CVE-2017-0898: Ruby before 2
osv·2017-09-15·CVSS 9.1
CVE-2017-0898 [CRITICAL] CVE-2017-0898: Ruby before 2
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
bugzilla·2017-09-15·CVSS 9.1
CVE-2017-0898 [CRITICAL] CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier (*) is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash.
External References:
https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
Discussion:
Created ruby tracking bugs for this issue:
Affects: fedora-all [bug 1492016]
Created ruby193-ruby tracking bugs for this issue:
Affects: openshift-1 [bug 1492017]
---
ruby-2.4.2-84.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please m
Bugzilla
CVE-2017-0898 CVE-2017-10784 CVE-2017-14033 ruby: various flaws [fedora-all]
bugzilla·2017-09-15·CVSS 9.1
CVE-2017-0898 [CRITICAL] CVE-2017-0898 CVE-2017-10784 CVE-2017-14033 ruby: various flaws [fedora-all]
CVE-2017-0898 CVE-2017-10784 CVE-2017-14033 ruby: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2017-2653 CloudForms: UI security issue on Openstack actions
bugzilla·2017-03-14·CVSS 4.1
CVE-2017-2653 [MEDIUM] CVE-2017-2653 CloudForms: UI security issue on Openstack actions
CVE-2017-2653 CloudForms: UI security issue on Openstack actions
Martin Povolny of Red Hat reports:
Several routes in the CloudForms app contained actions that can be performed via GET request instead of POST request. This could result in a failure to check the protect_from_forgery token, so these actions may be vulnerable to XSRF.
Discussion:
Accidentally scored without user interaction required, corrected CVSSv2/3 scores.
---
This issue has been addressed in the following products:
CloudForms Management Engine 5.7
Via RHSA-2017:0898 https://access.redhat.com/errata/RHSA-2017:0898
References
http://www.securityfocus.com/bid/100862
http://www.securitytracker.com/id/1039363
https://access.redhat.com/errata/RHSA-2017:3485
https://access.redhat.com/errata/RHSA-2018:0378
https://access.redhat.com/errata/RHSA-2018:0583
https://access.redhat.com/errata/RHSA-2018:0585
https://github.com/mruby/mruby/issues/3722
https://hackerone.com/reports/212241
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
https://security.gentoo.org/glsa/201710-18
https://usn.ubuntu.com/3685-1/
https://www.debian.org/security/2017/dsa-4031
https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
2017-09-15
Published