CVE-2017-14033
published 2017-09-19

Priority: P337, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 7.73% (93.9th percentile)

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Affected

39 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_high_sierra_10.13.6_security_update_2018-004_sierra_security_update_2018-0 | | |
| apple | macos_mojave_10.14.1_security_update_2018-002_high_sierra_security_update_2018-0 | | |
| openssl | openssl | >= 0 < 2.0.0 | 2.0.0 |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | | |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |
| ruby-lang | ruby | >= 0 < 2.4.2-r0 | 2.4.2-r0 |

CVSS provenance

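| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 9.1 | CRITICAL | |
| vendor_ubuntu | | 9.1 | CRITICAL | |
| vendor_redhat | | 7.5 | HIGH | |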