Lucene search

RubySecRUBY:CCSV-2017-15364

HistoryMay 16, 2022 - 9:00 p.m.

ccsv Double Free vulnerability

2022-05-1621:00:00

RubySec

github.com

denial of service

remote attackers

application crash

crafted file

unspecified impact

ccsv 1.1.0

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.8%

JSON

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers
to cause a denial of service (double free and application crash) or possibly have
unspecified other impact via a crafted file.

References

github.com/evan/ccsv/issues/15

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.8%

JSON

Related for RUBY:CCSV-2017-15364