Ruby CVE-2017-14033 Buffer Underrun Vulnerability



Ruby is prone to a buffer-underrun vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

The following versions are affected:
Ruby 2.2.7 and prior versions are affected.
Ruby 2.3.4 and prior versions are affected.
Ruby 2.4.1 and prior versions are affected.

Information

Bugtraq ID: 100868
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-14033

Remote: Yes
Local: No
Published: Sep 14 2017 12:00AM
Updated: Sep 14 2017 12:00AM
Credit: asac.
Vulnerable: Ruby-Lang Ruby 2.4.1
Ruby-Lang Ruby 2.3.4
Ruby-Lang Ruby 2.3
Ruby-Lang Ruby 2.2.7
Ruby-Lang Ruby 2.2
Ruby-Lang Ruby 2.4.0
Ruby-Lang Ruby 2.2.2


Not Vulnerable: Ruby-Lang Ruby 2.4.2
Ruby-Lang Ruby 2.3.5
Ruby-Lang Ruby 2.2.8


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts

Comments