Lucene search

K

Redhat.comRH:CVE-2017-14064

HistorySep 01, 2017 - 9:18 a.m.

CVE-2017-14064

2017-09-0109:18:32

redhat.com

access.redhat.com

9

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter’s heap memory.

References

bugzilla.redhat.com/show_bug.cgi?id=1487552

www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for RH:CVE-2017-14064

hackerone1 veracode1 alpinelinux1 prion1 osv5 debiancve1 ubuntucve1 cve1 nessus27 ubuntu4 openvas17 freebsd1 mageia1 fedora1 gentoo1 debian3 redhat4 slackware1 amazon2 oraclelinux1 centos1 ibm1 apple4 photon2