
8501 matches found

Hacker One
added 2017/12/15 12:21 p.m., 53 views

Ruby: controlled buffer under-read in pack_unpack_internal()

Brief: There is a signedness error in pack_unpack_internal(), allowing the '@' type to trigger a buffer under-read when unpacking with a controlled format, similar to format string implementation vulnerabilities. Code Vulnerability: Vulnerable version: 2.5.0 rc and prior...

5 CVSS, 0.4 AI score, 0.00537 EPSS
Exploits: 0
exploitpack
added 2017/12/14 12:0 a.m., 39 views

Multiple OEM - nsd Remote Stack Format String (PoC)

Multiple OEM - nsd Remote Stack Format String PoC STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full...

7.5 AI score
Exploits: 0
Tenable Nessus
added 2017/12/14 12:0 a.m., 25 views

openSUSE Security Update : graphviz (openSUSE-2017-1341)

This update for graphviz fixes the following issues : Security issue fixed : - CVE-2014-9157: Fix format string vulnerability boo908426. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

7.5 CVSS, 6.9 AI score, 0.01899 EPSS
Exploits: 1, References: 2
Exploit DB
added 2017/12/14 12:0 a.m., 58 views

Multiple OEM - 'nsd' Remote Stack Format String (PoC)

STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day - PoC - 1 $ curl...

7.4 AI score
Exploits: 0
Huawei
added 2017/12/06 12:0 a.m., 25 views

Security Advisory - Two Vulnerabilities of License Module in Some Huawei Products

There is an uncontrolled format string vulnerability when the license module of some Huawei products outputs the log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service. Vulnerability ID: HWPSIRT-2017-06138 This vulnerability has been assigned ...

5.5 CVSS, 5.3 AI score, 0.00021 EPSS
Exploits: 0, Affected Software: 1
seebug.org
added 2017/11/01 12:0 a.m., 38 views

Cisco UCS Platform Emulator Remote Code Execution

Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.12ePE1. Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine VM. The VM includes software that emulates...

8.5 AI score, 0.4022 EPSS
Exploits: 3
Tenable Nessus
added 2017/10/27 12:0 a.m., 55 views

Amazon Linux AMI : ruby24 (ALAS-2017-915)

Arbitrary heap exposure during a JSON.generate call: Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte,...

9.8 CVSS, 7.8 AI score, 0.22758 EPSS
Exploits: 8, References: 10
Github Security Blog
added 2017/10/24 6:33 p.m., 17 views

gtk2 vulnerable to Use of Externally-Controlled Format String

Format string vulnerability in the mdiaginitialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 aka Ruby/Gnome2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter...

6.8 CVSS, 6.9 AI score, 0.0271 EPSS
Exploits: 1, References: 15, Affected Software: 1
OSV
added 2017/10/24 6:33 p.m., 11 views

GHSA-XGJ6-PGRM-X4R2 gtk2 vulnerable to Use of Externally-Controlled Format String

Format string vulnerability in the mdiaginitialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 aka Ruby/Gnome2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter...

6.8 CVSS, 6.9 AI score, 0.0271 EPSS
Exploits: 1, References: 14
Github Security Blog
added 2017/10/24 6:33 p.m., 46 views

actionmailer email address processing causes Denial of service

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3 CVSS, 6.2 AI score, 0.01333 EPSS
Exploits: 1, References: 9, Affected Software: 1
OSV
added 2017/10/24 6:33 p.m., 34 views

GHSA-RG5M-3FQP-6PX8 actionmailer email address processing causes Denial of service

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3 CVSS, 7.6 AI score, 0.01333 EPSS
Exploits: 1, References: 10
Amazon
added 2017/10/02 12:0 a.m., 107 views

Medium: ruby22, ruby23

Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...

9.8 CVSS, 9.5 AI score, 0.22758 EPSS
Exploits: 9
Hacker One
added 2017/09/24 4:13 p.m., 21 views

Internet Bug Bounty: Format string implementation vulnerability, resulting in code execution

In a security audit to the sprintf implementation in perl version 5.24.1 I found a major security vulnerability, here are the full details. Timeline: ====== 6th of May, 2017 - disclosure to the PERL security mailing list 8th of May, 2017 - vulnerability confirmed by PERL's security group, found...

7.7 AI score
Exploits: 0
Prion
added 2017/09/15 7:29 p.m., 31 views

Information disclosure

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

6.4 CVSS, 9.2 AI score, 0.01399 EPSS
Exploits: 1, References: 13, Affected Software: 1
NVD
added 2017/09/15 7:29 p.m., 17 views

CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

9.1 CVSS, 9.5 AI score, 0.01399 EPSS
Exploits: 1, References: 13
OSV
added 2017/09/15 7:29 p.m., 1 views

ALPINE-CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

9.1 CVSS, 6.8 AI score, 0.01399 EPSS
Exploits: 1, References: 1
OSV
added 2017/09/15 7:29 p.m., 25 views

CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

9.1 CVSS, 6.9 AI score, 0.01399 EPSS
Exploits: 1, References: 13
Cvelist
added 2017/09/15 7:0 p.m., 24 views

CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

7.5 AI score, 0.01399 EPSS
Exploits: 1, References: 13
CVE
added 2017/09/15 7:0 p.m., 179 views

CVE-2017-0898

CVE-2017-0898 affects Ruby older branches (before 2.4.2, 2.3.5, and 2.2.8) and is caused by a buffer underrun in Kernel.sprintf, leading to heap memory corruption and potential information disclosure from the heap or application instability. The issue is not restricted to a single product; it app...

9.1 CVSS, 7.4 AI score, 0.01399 EPSS
Exploits: 1, References: 13, Affected Software: 1
Debian CVE
added 2017/09/15 7:0 p.m., 28 views

CVE-2017-0898

Removed by vendor...

9.1 CVSS, 9.3 AI score, 0.01399 EPSS
Exploits: 1