4 matches found
CVE-2026-54696 Ruby JSON: JSON generator heap buffer overflow when streaming to an IO
Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO, JSON.dump(obj, io) and JSON::State#generate(obj, io) can write past the internal JSON generat...
USN-3528-1 ruby1.9.1, ruby2.3 vulnerabilities
It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-10784) It was discovered that Ruby incorrectly handled...
ALPINE-CVE-2017-14064
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...
CVE-2017-14064
Removed by vendor...