CVE-2017-14033
Published: 19 September 2017
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ruby1.9.1 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| trusty |
Released
(1.9.3.484-2ubuntu1.5)
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
ruby2.1 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
ruby2.3 Launchpad, Ubuntu, Debian |
artful |
Released
(2.3.3-1ubuntu1.2)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.3.1-2~16.04.5)
|
|
| zesty |
Ignored
(end of life)
|
|
|
Patches: other: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |