Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-6181

Published: 3 April 2017

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist

upstream Not vulnerable

xenial Does not exist

yakkety Does not exist

ruby1.9.1
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected [np is initialized])
upstream Not vulnerable

xenial Does not exist

yakkety Does not exist

ruby2.0
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was not-affected [np is initialized])
upstream Not vulnerable

xenial Does not exist

yakkety Does not exist

ruby2.3
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable