Ruby@2.2.2 Security Vulnerabilities and Issues — Ruby@2.2.2 CVE List

Lucene search

Ruby-langRuby2.2.2

5 matches found

CVE•added 2017/09/19 5:29 p.m.•223 views

CVE-2017-14033

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

7.5CVSS6.6AI score0.09915EPSS

CVE•added 2017/09/15 7:29 p.m.•154 views

CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

9.1CVSS7.4AI score0.0071EPSS

CVE•added 2017/01/06 9:59 p.m.•121 views

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can inc...

9.8CVSS7.5AI score0.00703EPSS

CVE•added 2017/01/06 9:59 p.m.•115 views

CVE-2016-2337

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

9.8CVSS8.7AI score0.00983EPSS

CVE•added 2017/01/06 9:59 p.m.•43 views

CVE-2016-2336

Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.

9.8CVSS9.6AI score0.01459EPSS