CVE-2017-14064

Published: 31 August 2017

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
ruby1.9.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.9.3.484-2ubuntu1.5])
Patches:
Upstream: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
ruby2.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.0.0.484-1ubuntu2.10])
ruby2.3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.3.1-2~16.04.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist