Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
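Added example, not part of the advisory: a Ruby wrapper for code that must accept a caller-supplied format string. It rejects any `*` width or precision whose argument is not a non-negative Integer within a bound (the pattern the description names), and it checks a version string against the fixed releases stated above. `MAX_FIELD`, the directive regex and the function names are assumptions; named references such as `%<name>s` and positional `%1$s` are not parsed.

```ruby
require "rubygems" # Gem::Version (loaded by default on modern Ruby)

# Fixed releases named in the advisory, one per affected minor series.
FIXED_RELEASES = %w[2.2.8 2.3.5 2.4.2].map { |s| Gem::Version.new(s) }.freeze

# Affected per the advisory wording ("before 2.4.2, 2.3.5, and 2.2.8"):
# anything below 2.2.8, or in [2.3.0, 2.3.5), or in [2.4.0, 2.4.2).
def vulnerable_ruby?(version)
  v = Gem::Version.new(version)
  return true if v < FIXED_RELEASES[0]
  return true if v >= Gem::Version.new("2.3.0") && v < FIXED_RELEASES[1]
  return true if v >= Gem::Version.new("2.4.0") && v < FIXED_RELEASES[2]
  false
end

# %[flags][width][.precision]type ; width/precision may be a literal or '*'.
DIRECTIVE = /%(?<flags>[ #+\-0]*)(?<width>\*|\d+)?(?:\.(?<prec>\*|\d*))?(?<type>[A-Za-z%])/
MAX_FIELD = 4096 # assumed sane upper bound for any width or precision

# Walks the directives in fmt, consuming args the way sprintf would, and
# inspects every argument that a '*' pulls in. Returns a reason string when
# the call must be refused, nil when every '*' argument is acceptable.
def unsafe_star_argument(fmt, args)
  idx = 0
  fmt.scan(DIRECTIVE) do
    m = Regexp.last_match
    next if m[:type] == "%" # literal "%%" consumes nothing
    [m[:width], m[:prec]].each do |field|
      next unless field == "*"
      val = args[idx]
      idx += 1
      return "'*' argument #{val.inspect} is not an Integer" unless val.is_a?(Integer)
      return "'*' argument #{val} outside 0..#{MAX_FIELD}" unless (0..MAX_FIELD).cover?(val)
    end
    idx += 1 # the conversion itself consumes one argument
  end
  nil
end

# Drop-in replacement for sprintf that refuses the dangerous pattern.
def safe_sprintf(fmt, *args)
  reason = unsafe_star_argument(fmt, args)
  raise ArgumentError, "rejected format: #{reason}" if reason
  format(fmt, *args)
end

if $PROGRAM_NAME == __FILE__
  puts "Ruby #{RUBY_VERSION} affected: #{vulnerable_ruby?(RUBY_VERSION)}"
  puts safe_sprintf("%-*d|", 5, 42)
end
```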
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ruby | Ruby-lang | 2.2.0 (including) | 2.2.0 (including) |
Ruby | Ruby-lang | 2.2.1 (including) | 2.2.1 (including) |
Ruby | Ruby-lang | 2.2.2 (including) | 2.2.2 (including) |
Ruby | Ruby-lang | 2.2.3 (including) | 2.2.3 (including) |
Ruby | Ruby-lang | 2.2.4 (including) | 2.2.4 (including) |
Ruby | Ruby-lang | 2.2.5 (including) | 2.2.5 (including) |
Ruby | Ruby-lang | 2.2.6 (including) | 2.2.6 (including) |
Ruby | Ruby-lang | 2.2.7 (including) | 2.2.7 (including) |
Ruby | Ruby-lang | 2.3.0 (including) | 2.3.0 (including) |
Ruby | Ruby-lang | 2.3.1 (including) | 2.3.1 (including) |
Ruby | Ruby-lang | 2.3.2 (including) | 2.3.2 (including) |
Ruby | Ruby-lang | 2.3.3 (including) | 2.3.3 (including) |
Ruby | Ruby-lang | 2.3.4 (including) | 2.3.4 (including) |
Ruby | Ruby-lang | 2.4.0 (including) | 2.4.0 (including) |
Ruby | Ruby-lang | 2.4.1 (including) | 2.4.1 (including) |
Red Hat Enterprise Linux 7 | RedHat | ruby-0:2.0.0.648-33.el7_4 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-ruby24-ruby-0:2.4.2-86.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-ruby22-ruby-0:2.2.9-19.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-ruby23-ruby-0:2.3.6-67.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-ruby24-ruby-0:2.4.2-86.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-ruby22-ruby-0:2.2.9-19.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | RedHat | rh-ruby23-ruby-0:2.3.6-67.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby24-ruby-0:2.4.2-86.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby22-ruby-0:2.2.9-19.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-ruby23-ruby-0:2.3.6-67.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-ruby24-ruby-0:2.4.2-86.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-ruby22-ruby-0:2.2.9-19.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS | RedHat | rh-ruby23-ruby-0:2.3.6-67.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-ruby24-ruby-0:2.4.2-86.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-ruby22-ruby-0:2.2.9-19.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-ruby23-ruby-0:2.3.6-67.el7 | * |
Ruby1.9.1 | Ubuntu | trusty | * |
Ruby2.0 | Ubuntu | trusty | * |
Ruby2.3 | Ubuntu | artful | * |
Ruby2.3 | Ubuntu | esm-infra/xenial | * |
Ruby2.3 | Ubuntu | upstream | * |
Ruby2.3 | Ubuntu | xenial | * |
Ruby2.3 | Ubuntu | zesty | * |