CVE-2017-1000173

Name of the Vulnerable Software and Affected Versions Creolabs Gravity version 1.0

Description The issue allows for potential code execution by creating a large loop that pushes data to a buffer, breaking the bounds checking of the buffer. When list.join is called on the data, it reads past the buffer, resulting in a Heap-Buffer-Overflow. This can be achieved by exploiting the list.join function.

Recommendations For Creolabs Gravity version 1.0, consider restricting the size of data pushed to the buffer to prevent the Heap-Buffer-Overflow. As a temporary workaround, consider disabling the list.join function until a patch is available.