CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS
Percentile: 74.4%

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before
2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format
(similar to format string vulnerabilities) can trigger a buffer under-read
in the String#unpack method, resulting in a massive and controlled
information disclosure.
github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859
github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
launchpad.net/bugs/cve/CVE-2018-8778
nvd.nist.gov/vuln/detail/CVE-2018-8778
security-tracker.debian.org/tracker/CVE-2018-8778
ubuntu.com/security/notices/USN-3626-1
www.cve.org/CVERecord?id=CVE-2018-8778
www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
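
For triage, the affected ranges in the description above can be turned into a version check. This is an added example, not code from the advisory or the Ruby project; the function names, the accepted version-string shapes, and the sample inventory are assumptions constructed for illustration.

```ruby
# First fixed release on each affected branch, as listed in the advisory text.
FIXED_IN = {
  [2, 3] => [2, 3, 7],
  [2, 4] => [2, 4, 4],
  [2, 5] => [2, 5, 1],
}.freeze
OLDEST_FIX = [2, 2, 10].freeze # "before 2.2.10" covers every older release

# Returns true when a Ruby version string falls in a range the advisory lists.
# Accepts shapes such as "2.4.3", "2.3.7p456" or "2.6.0-preview1" (assumed
# formats, as commonly reported by `ruby -v` or package inventories).
def affected_by_cve_2018_8778?(version)
  m = /\A(\d+)\.(\d+)\.(\d+)(?:p\d+)?(?:-(\w+))?\z/.match(version.to_s.strip)
  raise ArgumentError, "unrecognised Ruby version: #{version.inspect}" unless m

  triple = m[1..3].map(&:to_i)
  suffix = m[4]

  # 2.6.0-preview1 is the only 2.6 build the advisory names.
  return suffix == "preview1" if triple == [2, 6, 0] && suffix
  return true if (triple <=> OLDEST_FIX) < 0

  fixed = FIXED_IN[triple[0, 2]]
  fixed ? (triple <=> fixed) < 0 : false
end

# Filters a host => version inventory down to the hosts that need patching.
def affected_hosts(inventory)
  inventory.select { |_host, ver| affected_by_cve_2018_8778?(ver) }.keys
end

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
  "app-01" => "2.4.3",
  "app-02" => "2.4.4",
  "batch-01" => "2.2.9",
  "ci-01" => "2.6.0-preview1",
  "web-01" => "2.5.1p57",
}.freeze

puts affected_hosts(SAMPLE_INVENTORY).inspect if __FILE__ == $PROGRAM_NAME
```

Distribution packages often backport the fix without changing the upstream version number, so a positive result on a packaged Ruby should be confirmed against the vendor notices linked above.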