Wind River Support Network

Fixed

LIN8-7853 : Security Advisory - ruby - CVE-2017-0898

Created: Sep 25, 2017    Updated: Dec 31, 2020
Resolved Date: Dec 31, 2020
Found In Version: 8.0.0.21
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string that contains a precision specifier (*) with a huge negative value. Such a situation can lead to a buffer overrun, resulting in heap memory corruption or an information disclosure from the heap.

https://nvd.nist.gov/vuln/detail/CVE-2017-0898

CVEs

