Lucene search
K

33 matches found

CNVD
CNVD
added 2018/04/24 12:0 a.m.3 views

Ruby String#unpack Method Information Disclosure Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. An information disclosure vulnerability exists in the Stringunpack method of Ruby, which stems from the program's failure to properly handle the '@'...

7.5CVSS6.4AI score0.07825EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/04/03 10:29 p.m.0 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS5.8AI score0.07825EPSS
Exploits0References24
Prion
Prion
added 2018/04/03 10:29 p.m.28 views

Format string

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

5CVSS7.8AI score0.07825EPSS
Exploits0References17Affected Software4
OSV
OSV
added 2018/04/03 10:29 p.m.29 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS9.3AI score0.07825EPSS
Exploits0References17
OSV
OSV
added 2018/04/03 10:29 p.m.4 views

ALPINE-CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS6.9AI score0.07825EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/03 10:0 p.m.30 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7AI score0.07825EPSS
Exploits0References17
Debian CVE
Debian CVE
added 2018/04/03 10:0 p.m.31 views

CVE-2018-8778

Removed by vendor...

7.5CVSS8.7AI score0.07825EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/04/03 10:0 p.m.41 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS7.2AI score0.07825EPSS
Exploits0
OSV
OSV
added 2018/04/03 12:0 a.m.7 views

UBUNTU-CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS6.9AI score0.07825EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2018/04/03 12:0 a.m.42 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS7AI score0.07825EPSS
Exploits0References5
RubySec
RubySec
added 2018/04/03 12:0 a.m.5 views

Buffer under-read in String#unpack

An attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled information disclosure. Stringunpack receives format specifiers as its parameter, and can be specified the positi...

7.5CVSS7.4AI score0.07825EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2018/03/29 9:19 a.m.40 views

CVE-2018-8778

A integer underflow was found in the way Stringunpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory. Mitigation Vulnerable code when Stringunpacks argument is attacker controlled. In the...

7.5CVSS2AI score0.07825EPSS
Exploits0References2
RubySec
RubySec
added 2018/03/28 12:0 a.m.34 views

Buffer under-read in String#unpack

Stringunpack receives format specifiers as its parameter, and can be specified the position of parsing the data by the specifier @. If a big number is passed with @, the number is treated as the negative value, and out-of-buffer read is occurred. So, if a script accepts an external input as the...

7.5CVSS6.7AI score0.07825EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder