Lucene search
Redhat.comRH:CVE-2018-8778HistoryMar 29, 2018 - 9:19 a.m.
CVE-2018-8778
2018-03-2909:19:43
redhat.com
access.redhat.com
18
EPSS
0.004
Percentile
74.4%
A integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application’s memory.
Mitigation
Vulnerable code when String#unpack's argument is attacker controlled.
In the unpack format string argemument, manual sanitization can be done by preventing the number following '@' to overflow to a negative number. See <https://dev.to/sqreenio/an-in-depth-look-at-cve-2018-8878-or-why-integer-overflows-are-still-a-thing-1n01> for mitigation details.
Related
cve
cve
CVE-2018-8878
2020-02-27 22:15:13
CVE-2018-8778
2018-04-03 22:29:00
prion
prion
Information disclosure
2020-02-27 22:15:00
Format string
2018-04-03 22:29:00
nvd
nvd
CVE-2018-8878
2020-02-27 22:15:13
CVE-2018-8778
2018-04-03 22:29:00
cvelist
cvelist
CVE-2018-8878
2020-02-27 21:12:40
CVE-2018-8778
2018-04-03 22:00:00
debiancve
debiancve
CVE-2018-8778
2018-04-03 22:29:00
osv
osv
CVE-2018-8778
2018-04-03 22:29:00
ruby1.8 - security update
2018-04-23 00:00:00
ruby1.9.1 - security update
2018-04-23 00:00:00
alpinelinux
alpinelinux
CVE-2018-8778
2018-04-03 22:29:00
hackerone
hackerone
Ruby: controlled buffer under-read in pack_unpack_internal()
2017-12-15 12:21:22
ubuntucve
ubuntucve
CVE-2018-8778
2018-04-03 00:00:00
rubygems
rubygems
Buffer under-read in String#unpack
2018-03-27 21:00:00
veracode
veracode
Information Disclosure
2019-05-16 03:22:57
redhat
redhat
(RHSA-2020:2288) Moderate: ruby security update
2020-05-26 08:52:58
(RHSA-2020:2212) Moderate: ruby security update
2020-05-19 13:16:01
(RHSA-2020:1963) Moderate: ruby security update
2020-04-29 09:03:52
nessus
nessus
RHEL 7 : ruby (RHSA-2020:2288)
2020-11-18 00:00:00
RHEL 7 : ruby (RHSA-2020:2212)
2020-05-20 00:00:00
RHEL 7 : ruby (RHSA-2020:1963)
2020-04-29 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2018-04-16 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3626-1)
2018-10-26 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1206)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1275)
2020-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: ruby-2.4.4-89.fc27
2018-06-06 12:59:35
[SECURITY] Fedora 26 Update: ruby-2.4.4-88.fc26
2018-05-29 11:09:55
[SECURITY] Fedora 28 Update: ruby-2.5.1-92.fc28
2018-04-15 02:45:12
debian
debian
[SECURITY] [DLA 1359-1] ruby1.8 security update
2018-04-23 09:51:58
[SECURITY] [DLA 1358-1] ruby1.9.1 security update
2018-04-23 09:51:06
[SECURITY] [DSA 4259-1] ruby2.3 security update
2018-07-31 21:40:30
slackware
slackware
[slackware-security] ruby
2018-03-29 22:43:54
f5
f5
K80173446 : Multiple Ruby vulnerabilities
2018-05-08 00:00:00
freebsd
freebsd
ruby -- multiple vulnerabilities
2018-03-28 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerability
2018-10-26 21:47:14
amazon
amazon
Medium: ruby
2019-08-23 03:41:00
Medium: ruby20, ruby22, ruby23, ruby24
2018-04-04 23:18:00
centos
centos
ruby, rubygem, rubygems security update
2019-08-30 04:17:17
oraclelinux
oraclelinux
ruby security update
2019-08-13 00:00:00
suse
suse
Security update for ruby-bundled-gems-rpmhelper, ruby2.5 (important)
2019-07-21 00:00:00
apple
apple
About the security content of macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
2018-07-09 00:00:00