Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2017-09-15T19:00:00Z
Updated: 2024-09-17T01:36:46.258Z
Reserved: 2016-11-30T00:00:00
Link: CVE-2017-0898
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-15T19:29:00.190
Modified: 2024-11-21T03:03:51.040
Link: CVE-2017-0898
Redhat