CVE-2017-14033 - Buffer Errors vulnerability in Ruby Lang Ruby

Publication

2017-09-19

Last modification

2018-10-31

Summary

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

Medium

5.0

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: None

Integrity Impact: None

Affected Products

Vendor: Ruby Lang
Product: Ruby
Versions: 2.2.6, 2.2.3, 2.3.1, 2.2.4, 2.2.7, 2.2.1, 2.3.0, 2.3.4, 2.3.2, 2.2.2, 2.3.3, 2.4.0, 2.4.1, 2.2.0, 2.2.5
