Ruby versions before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 are vulnerable to an unintended socket connection due to unchecked null characters in the UNIXServer.open and UNIXSocket.open methods.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Prion | Design/Logic Flaw | 3 Apr 2018 22:29 | – | prion |
RedhatCVE | CVE-2018-8779 | 8 Apr 2020 21:12 | – | redhatcve |
CVE | CVE-2018-8779 | 3 Apr 2018 22:29 | – | cve |
Hacker One | Ruby: Unix domain socket and a path containing a null character | 7 Jan 2018 09:18 | – | hackerone |
UbuntuCve | CVE-2018-8779 | 3 Apr 2018 00:00 | – | ubuntucve |
Debian CVE | CVE-2018-8779 | 3 Apr 2018 22:29 | – | debiancve |
Veracode | NULL Byte Injection | 16 May 2019 03:22 | – | veracode |
RubySec | Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket | 27 Mar 2018 21:00 | – | rubygems |
AlpineLinux | CVE-2018-8779 | 3 Apr 2018 22:29 | – | alpinelinux |
OSV | CVE-2018-8779 | 3 Apr 2018 22:29 | – | osv |