Debian Security Bug TrackerDEBIANCVE:CVE-2017-0898

HistorySep 15, 2017 - 7:29 p.m.

CVE-2017-0898

2017-09-1519:29:00

Debian Security Bug Tracker

security-tracker.debian.org

EPSS

0.013

Percentile

85.7%

JSON

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

OSVersionArchitecturePackageVersionFilename
Debian9allruby2.3< 2.3.3-1+deb9u8ruby2.3_2.3.3-1+deb9u8_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	ruby2.3	< 2.3.3-1+deb9u8	ruby2.3_2.3.3-1+deb9u8_all.deb

nessus

Photon OS 1.0: Ruby PHSA-2017-0037

2019-02-07 00:00:00

Debian DLA-1113-1 : ruby1.8 security update

2017-09-27 00:00:00

Fedora 27 : ruby (2017-4166994614)

2018-01-15 00:00:00

cvelist

CVE-2017-0898

2017-09-15 19:00:00

cve

CVE-2017-0898

2017-09-15 19:29:00

hackerone

Ruby: sprintf combined format string attack

2017-03-10 11:48:41

nvd

CVE-2017-0898

2017-09-15 19:29:00

veracode

Information Disclosure

2019-01-15 09:21:22

alpinelinux

CVE-2017-0898

2017-09-15 19:29:00

osv

CVE-2017-0898

2017-09-15 19:29:00

ruby1.8 - security update

2017-09-26 00:00:00

ruby2.3 - security update

2017-11-11 00:00:00

rubygems

Buffer underrun vulnerability in Kernel.sprintf

2017-09-13 21:00:00

prion

Information disclosure

2017-09-15 19:29:00

ubuntucve

CVE-2017-0898

2017-09-15 00:00:00

redhatcve

CVE-2017-0898

2019-10-10 10:31:36

debian

[SECURITY] [DLA 1113-1] ruby1.8 security update

2017-09-26 21:16:42

[SECURITY] [DSA 4031-1] ruby2.3 security update

2017-11-11 14:46:00

[SECURITY] [DSA 4031-1] ruby2.3 security update

2017-11-11 14:46:00

openvas

Debian: Security Advisory (DLA-1113-1)

2018-02-06 00:00:00

Fedora Update for ruby FEDORA-2017-6e6f4f95e6

2017-12-29 00:00:00

Debian: Security Advisory (DSA-4031-1)

2017-11-10 00:00:00

fedora

[SECURITY] Fedora 27 Update: ruby-2.4.2-84.fc27

2017-10-02 14:27:35

[SECURITY] Fedora 26 Update: ruby-2.4.2-84.fc26

2017-12-26 16:32:32

freebsd

ruby -- multiple vulnerabilities

2017-09-14 00:00:00

mageia

Updated ruby packages fix security vulnerabilities

2017-10-18 23:19:34

gentoo

Ruby: Multiple vulnerabilities

2017-10-18 00:00:00

ubuntu

Ruby vulnerabilities

2017-10-05 00:00:00

Ruby vulnerabilities

2018-06-13 00:00:00

Ruby regression

2021-03-25 00:00:00

slackware

[slackware-security] ruby

2017-09-18 19:20:47

redhat

(RHSA-2017:3485) Moderate: rh-ruby24-ruby security, bug fix, and enhancement update

2017-12-19 08:13:07

(RHSA-2018:0378) Important: ruby security update

2018-02-28 16:24:33

(RHSA-2018:0585) Important: rh-ruby23-ruby security, bug fix, and enhancement update

2018-03-26 09:13:23

amazon

Medium: ruby24

2017-10-26 17:01:00

Medium: ruby22, ruby23

2017-10-02 17:01:00

photon

Critical Photon OS Security Update - PHSA-2017-0076

2017-10-06 00:00:00

ibm

Security Bulletin: Vulnerabilities in Ruby affect PowerKVM

2018-06-18 01:42:18

oraclelinux

ruby security update

2018-02-28 00:00:00

centos

ruby, rubygem, rubygems security update

2018-03-10 11:53:01

apple

About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan

2018-07-09 00:00:00

About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan - Apple Support

2020-07-28 05:29:11

About the security content of macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra - Apple Support

2020-07-27 08:14:47

CVE-2017-0898

Related