CVE-2017-0898

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-0898
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0898.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-0898
Downstream
Related
Published
2017-09-15T19:29:00.190Z
Modified
2026-05-30T08:41:12.125307Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

References

Affected packages

Git / github.com/ruby/ruby

Affected ranges

Type
GIT
Repo
https://github.com/ruby/ruby
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7393bf6a5cfff63683f36535e293caaa0d4c5be0
Last affected
10bc9b85cba61af65dea858a2952ae04126a5d4d
Last affected
a9721a259665149b1b9ff0beabcf5f8dc0136120
Last affected
b8c7ea548aa8fb5f3c399a00ce877d3431c27a01
Last affected
9081c2c61ac9f7f9bdcbf054f33b2dc42740e85f
Last affected
449169fd8cfe4253381c40f595097ed50932bdae
Last affected
1c091e34809d91cb7e9ab4518a99e07f30b7fbd1
Last affected
530165c2948c3eed741db5659f7b937270caa46a
Last affected
d40ea2afa6ff5a6e5befcf342fb7b6dc58796b20
Last affected
5827d8e887d881eb3a6e6ea7410590261c90545f
Last affected
9d222264d5e6a2dcac5aceafb5742a65e53dc513
Last affected
c91cb76f8d84b2963f6ede2ef445ad46a6104216
Last affected
4bd69735af901266ec21486243fc206030caa6b9
Last affected
d4bb726b713658f56e630b6cf817a0155b6f390e
Last affected
820605ba3c10b9f4dafc4e5d6e09765b8b31cbea
Database specific 
{
    "cpe": [
        "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "last_affected": "2.2.1"
        },
        {
            "last_affected": "2.2.2"
        },
        {
            "last_affected": "2.2.3"
        },
        {
            "last_affected": "2.2.4"
        },
        {
            "last_affected": "2.2.5"
        },
        {
            "last_affected": "2.2.6"
        },
        {
            "last_affected": "2.2.7"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "last_affected": "2.3.1"
        },
        {
            "last_affected": "2.3.2"
        },
        {
            "last_affected": "2.3.3"
        },
        {
            "last_affected": "2.3.4"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "last_affected": "2.4.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

Other
v1_0_r2
v2_2_0
v2_2_0_rc1
v2_2_1
v2_2_2
v2_2_3
v2_2_4
v2_2_5
v2_2_6
v2_2_7
v2_3_0
v2_3_1
v2_3_2
v2_3_3
v2_3_4
v2_4_0
v2_4_1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0898.json"