PT-2017-14288 · Ruby · Ox

Clod81

Publicado

2017-10-27

Atualizado

2019-04-05

CVE-2017-15928

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Ox gem version 2.8.0

Description The Ox gem for Ruby crashes with a segmentation fault when a crafted input is supplied to the parse obj function. The vendor has stated that Ox should handle the error more gracefully but has not confirmed a security implication.

Recommendations For Ox gem version 2.8.0, consider disabling the parse obj function until a more robust error handling mechanism is implemented to prevent the process from crashing with a segmentation fault when supplied with crafted input.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-15928

GHSA-PJJ4-W39G-PW54

MGASA-2019-0123

PT-2017-14288 · Ruby · Ox

CVE-2017-15928

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16