CVE-2017-14064Improper Restriction of Operations within the Bounds of a Memory Buffer in Ruby

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-200Sensitive Information Exposure13 documents8 sources
Severity
9.8CRITICALNVD
EPSS
1.2%
top 21.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Ruby-lang RubyCanonical Ubuntu LinuxDebian Linux+6 more
Timeline
PublishedAug 31
Latest updateMay 14

Description

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

Alpineruby-lang/ruby< 2.4.2-r0+20
NVDruby-lang/ruby2.2.7+7

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.6, 7.5

Patches

Patch: bugs.ruby-lang.orgPatch: github.comPatch: bugs.ruby-lang.org

🔴Vulnerability Details

4
GHSA
GHSA-954h-8gv7-2q75: Ruby through 22022-05-14
OSV
ruby1.9.1, ruby2.3 vulnerabilities2018-01-10
OSV
CVE-2017-14064: Ruby through 22017-08-31
CVEList
CVE-2017-14064: Ruby through 22017-08-31

📋Vendor Advisories

6
Apple
CVE-2017-14064: macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra2018-10-30
Apple
CVE-2017-14064: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan2018-07-09
Ubuntu
Ruby vulnerabilities2018-06-13
Ubuntu
Ruby vulnerabilities2018-01-10
Ubuntu
Ruby vulnerabilities2017-10-05

💬Community

2
Bugzilla
CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call2017-09-01
Bugzilla
CVE-2017-14064 ruby: Arbitrary heap exposure during a JSON.generate call [fedora-all]2017-09-01
CVE-2017-14064 — Ruby-lang Ruby vulnerability | cvebase