In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 04:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html - | |
References | () http://www.securityfocus.com/bid/103693 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1042004 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2018:3729 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:3730 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:3731 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:2028 - | |
References | () https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html - Mailing List, Third Party Advisory | |
References | () https://usn.ubuntu.com/3626-1/ - Third Party Advisory | |
References | () https://www.debian.org/security/2018/dsa-4259 - Third Party Advisory | |
References | () https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/ - Vendor Advisory | |
References | () https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/ - Patch, Vendor Advisory | |
References | () https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/ - Patch, Vendor Advisory | |
References | () https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/ - Patch, Vendor Advisory | |
References | () https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/ - Patch, Vendor Advisory |
Information
Published : 2018-04-03 22:29
Updated : 2024-11-21 04:14
NVD link : CVE-2018-8778
Mitre link : CVE-2018-8778
CVE.ORG link : CVE-2018-8778
JSON object : View
Products Affected
canonical
- ubuntu_linux
redhat
- enterprise_linux
debian
- debian_linux
ruby-lang
- ruby
CWE
CWE-134
Use of Externally-Controlled Format String