Home

CVE-2017-0898

Description

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.846

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in macOS Mojave 10.14.1Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot AutomaticallyMac
Object-oriented scripting language (USN-3621-1) libruby1.9.1_1.9.3.484-2ubuntu1.12_i386.debLinux
Object-oriented scripting language (USN-3621-1) libruby1.9.1_1.9.3.484-2ubuntu1.13_i386.debLinux
Object-oriented scripting language (USN-3621-2) ruby2.0_2.0.0.484-1ubuntu2.10_amd64.debLinux
Object-oriented scripting language (USN-3621-2) ruby2.0_2.0.0.484-1ubuntu2.10_i386.debLinux
Object-oriented scripting language (USN-3621-2) ruby1.9.1_1.9.3.484-2ubuntu1.12_amd64.debLinux
Object-oriented scripting language (USN-3621-2) ruby1.9.1_1.9.3.484-2ubuntu1.12_i386.debLinux
Object-oriented scripting language (USN-3621-2) ruby1.9.3_1.9.3.484-2ubuntu1.12_all.debLinux
Object-oriented scripting language (USN-3621-2) libruby2.0_2.0.0.484-1ubuntu2.10_amd64.debLinux
Object-oriented scripting language (USN-3621-2) libruby2.0_2.0.0.484-1ubuntu2.10_i386.debLinux
Object-oriented scripting language (USN-3626-1) ruby2.3_2.3.3-1ubuntu1.6_i386.debLinux
Object-oriented scripting language (USN-3626-1) libruby2.3_2.3.3-1ubuntu1.6_i386.debLinux
ruby2.3 security update(DSA-4031-1) ruby2.3_2.3.3-1+deb9u2_i386.debLinux
ruby2.3 security update(DSA-4031-1) ruby2.3_2.3.3-1+deb9u2_amd64.debLinux
Ruby security update (CESA-2018:0378) ruby-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) ruby-doc-2.0.0.648-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) ruby-irb-2.0.0.648-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygems-2.0.14.1-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) ruby-libs-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) ruby-libs-2.0.0.648-33.el7_4.i686.rpmLinux
Ruby security update (CESA-2018:0378) ruby-devel-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) ruby-tcltk-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-json-1.7.7-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-rake-0.9.6-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-rdoc-4.0.0-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-psych-2.0.0-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygems-devel-2.0.14.1-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-minitest-4.3.2-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-bigdecimal-1.2.0-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-io-console-0.4.2-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-devel-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-doc-2.0.0.648-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-irb-2.0.0.648-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-libs-2.0.0.648-33.el7_4.i686.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-libs-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-tcltk-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-bigdecimal-1.2.0-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-io-console-0.4.2-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-json-1.7.7-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-minitest-4.3.2-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-psych-2.0.0-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-rake-0.9.6-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-rdoc-4.0.0-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygems-2.0.14.1-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygems-devel-2.0.14.1-33.el7_4.noarch.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
Use of Externally-Controlled Format String Vulnerability (CVE-2017-0898)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-602004macOS Mojave 10.14.6
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234