cbcvebase.
CVE-2018-16396
published 2018-11-16

CVE-2018-16396: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result…

PriorityP348high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
7.97%
94.0th percentile
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
redhatenterprise_linux
redhatenterprise_linux
redhatenterprise_linux
redhatenterprise_linux
redhatenterprise_linux
ruby-langruby
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0
ruby-langruby>= 0 < 2.5.2-r02.5.2-r0

CVSS provenance

nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_redhat8.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.