Home

CVE-2017-0901

Description

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
18.555

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-0900,CVE-2017-0901,CVE-2017-0902,CVE-2017-0899 are fixed in Ruby-rubygems-update 2.6.13Windows
Interpreter of object-oriented scripting language Ruby (USN-3528-1) ruby2.3_2.3.3-1ubuntu1.3_i386.debLinux
Interpreter of object-oriented scripting language Ruby (USN-3528-1) ruby2.3_2.3.3-1ubuntu1.3_amd64.debLinux
Interpreter of object-oriented scripting language Ruby (USN-3528-1) libruby2.3_2.3.3-1ubuntu1.3_i386.debLinux
Interpreter of object-oriented scripting language Ruby (USN-3528-1) libruby2.3_2.3.3-1ubuntu1.3_amd64.debLinux
ruby2.3 security update(DSA-3966-1) ruby2.3_2.3.3-1_i386.debLinux
Ruby security update (CESA-2018:0378) ruby-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) ruby-doc-2.0.0.648-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) ruby-irb-2.0.0.648-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygems-2.0.14.1-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) ruby-libs-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) ruby-libs-2.0.0.648-33.el7_4.i686.rpmLinux
Ruby security update (CESA-2018:0378) ruby-devel-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) ruby-tcltk-2.0.0.648-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-json-1.7.7-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-rake-0.9.6-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-rdoc-4.0.0-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-psych-2.0.0-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygems-devel-2.0.14.1-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-minitest-4.3.2-33.el7_4.noarch.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-bigdecimal-1.2.0-33.el7_4.x86_64.rpmLinux
Ruby security update (CESA-2018:0378) rubygem-io-console-0.4.2-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-devel-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-doc-2.0.0.648-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-irb-2.0.0.648-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-libs-2.0.0.648-33.el7_4.i686.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-libs-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update ruby-tcltk-2.0.0.648-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-bigdecimal-1.2.0-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-io-console-0.4.2-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-json-1.7.7-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-minitest-4.3.2-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-psych-2.0.0-33.el7_4.x86_64.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-rake-0.9.6-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygem-rdoc-4.0.0-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygems-2.0.14.1-33.el7_4.noarch.rpmLinux
(RHSA-2018:0378) Important: ruby security update rubygems-devel-2.0.14.1-33.el7_4.noarch.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP4 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) libruby2_1-2_1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-debugsource-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-2.1.9-19.3.2.x86_64_SP5.rpmLinux
SUSE-SU-2020:1570-1(SUSE Linux Enterprise Server 12-SP5 ) ruby2.1-stdlib-debuginfo-2.1.9-19.3.2.x86_64_SP5.rpmLinux
Vulnerabilities CVE-2017-0900,CVE-2017-0901,CVE-2017-0902,CVE-2017-0899 are fixed in Ruby-rubygems-update for Linux 2.6.13Linux
Improper Input Validation Vulnerability (CVE-2017-0901)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234