CVE-2017-0898

UNKNOWN

Published 2017-09-15T19:00:00Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-0898. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

Ruby

Affected Versions:

Versions before 2.4.2, 2.3.5, and 2.2.8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-wvmx-3rv2-5jgf

Advisory Details

CVSS Scoring

CVSS Score

9.0

CVSS Vector


                                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-0898

WEB https://github.com/mruby/mruby/issues/3722

WEB https://hackerone.com/reports/212241

WEB https://access.redhat.com/errata/RHSA-2017:3485

WEB https://access.redhat.com/errata/RHSA-2018:0378

WEB https://access.redhat.com/errata/RHSA-2018:0583

WEB https://access.redhat.com/errata/RHSA-2018:0585

WEB https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

WEB https://security.gentoo.org/glsa/201710-18

WEB https://usn.ubuntu.com/3685-1

WEB https://www.debian.org/security/2017/dsa-4031

WEB https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898

WEB http://www.securityfocus.com/bid/100862

WEB http://www.securitytracker.com/id/1039363

Advisory provided by GitHub Security Advisory Database. Published: May 14, 2022, Modified: April 20, 2025

References

https://usn.ubuntu.com/3685-1/

https://hackerone.com/reports/212241

https://access.redhat.com/errata/RHSA-2018:0585

https://access.redhat.com/errata/RHSA-2018:0378

https://www.debian.org/security/2017/dsa-4031

http://www.securityfocus.com/bid/100862

http://www.securitytracker.com/id/1039363

https://access.redhat.com/errata/RHSA-2017:3485

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

https://access.redhat.com/errata/RHSA-2018:0583

https://github.com/mruby/mruby/issues/3722

https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/

https://security.gentoo.org/glsa/201710-18

Published: 2017-09-15T19:00:00Z

Last Modified: 2024-09-17T01:36:46.258Z

Copied to clipboard!

CVE-2017-0898

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Ruby

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!