Ruby CVE-2017-14064 Arbitrary Memory Disclosure Vulnerability

Ruby is prone to an arbitrary memory disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Ruby 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 are vulnerable.


Bugtraq ID: 100890
Class: Design Error
CVE: CVE-2017-14064

Remote: Yes
Local: No
Published: Aug 31 2017 12:00AM
Updated: Oct 09 2017 01:02PM
Credit: ahmadsherif
Vulnerable:
    Ruby-Lang Ruby 2.4.1
    Ruby-Lang Ruby 2.3.4
    Ruby-Lang Ruby 2.3
    Ruby-Lang Ruby 2.2.7
    Ruby-Lang Ruby 2.4.0
    Redhat Software Collections for RHEL 0
    Redhat Enterprise Linux 7
    Redhat Enterprise Linux 6
        + Trustix Secure Enterprise Linux 2.0
        + Trustix Secure Linux 2.2
        + Trustix Secure Linux 2.1
        + Trustix Secure Linux 2.0
    Redhat Enterprise Linux 5

Not Vulnerable:
    Ruby-Lang Ruby 2.4.2
    Ruby-Lang Ruby 2.3.5
    Ruby-Lang Ruby 2.2.8


The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
