7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.014 Low
EPSS
Percentile
86.6%
Ruby before 2.2.10 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick (CVE-2017-17742). Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10 might allow attackers to create arbitrary directories or files via a … (dot dot) in the prefix argument (CVE-2018-6914). In Ruby before 2.2.10, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption) (CVE-2018-8777). In Ruby before 2.2.10, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure (CVE-2018-8778). In Ruby before 2.2.10, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket (CVE-2018-8779). In Ruby before 2.2.10, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed (CVE-2018-8780). Due to a bug in the equality check of OpenSSL::X509::Name, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal (CVE-2018-16395). In Array#pack and String#unpack with some formats, the tainted flags of the original data are not propagated to the returned string/array (CVE-2018-16396).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | ruby | < 2.2.10-16.1 | ruby-2.2.10-16.1.mga6 |
bugs.mageia.org/show_bug.cgi?id=22844
www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/
www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.014 Low
EPSS
Percentile
86.6%