Your submission was sent successfully! Close

CVE-2017-14064

Published: 31 August 2017

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
ruby1.9.1
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Does not exist

trusty Does not exist
(trusty was released [1.9.3.484-2ubuntu1.5])
upstream Needs triage

xenial Does not exist

zesty Does not exist

Patches:
upstream: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
ruby2.0
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

precise Does not exist

trusty Does not exist
(trusty was released [2.0.0.484-1ubuntu2.10])
upstream Needs triage

xenial Does not exist

zesty Does not exist

ruby2.3
Launchpad, Ubuntu, Debian
artful
Released (2.3.3-1ubuntu1.2)
bionic Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (2.3.1-2~16.04.5)
zesty Ignored
(reached end-of-life)