CVE-2017-14064

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14064.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14064
Downstream
Related
Published
2017-08-31T17:29:00Z
Modified
2025-10-13T06:58:43.139703Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

References

Affected packages

Git / github.com/ruby/json

Affected ranges

Type
GIT
Repo
https://github.com/ruby/json
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/ruby/ruby
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

v1.*

v1.1.8
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.4-java
v1.4.5
v1.4.6
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.8.0
v1.8.1
v1.8.2
v1.8.3

v2.*

v2.0.0
v2.0.1
v2.0.2

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2017-14064-081830d4",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "length": 412.0,
                "function_hash": "333850170000569990630816245825851334286"
            },
            "target": {
                "file": "ext/json/ext/generator/generator.c",
                "function": "cState_array_nl_set"
            }
        },
        {
            "id": "CVE-2017-14064-3bbe9110",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "length": 436.0,
                "function_hash": "148811423845304250804089795861570238355"
            },
            "target": {
                "file": "ext/json/ext/generator/generator.c",
                "function": "cState_indent_set"
            }
        },
        {
            "id": "CVE-2017-14064-44119ad3",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "length": 413.0,
                "function_hash": "235138498165329040769513923872404799455"
            },
            "target": {
                "file": "ext/json/ext/generator/generator.c",
                "function": "cState_object_nl_set"
            }
        },
        {
            "id": "CVE-2017-14064-49101875",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "length": 434.0,
                "function_hash": "231212006610800307331410088410461672189"
            },
            "target": {
                "file": "ext/json/ext/generator/generator.c",
                "function": "cState_space_set"
            }
        },
        {
            "id": "CVE-2017-14064-6910d9a7",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "120904374308355083734111949005929042523",
                    "26452857847874449151212129149641036903"
                ]
            },
            "target": {
                "file": "ext/json/ext/generator/generator.h"
            }
        },
        {
            "id": "CVE-2017-14064-709f6fe5",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "length": 207.0,
                "function_hash": "178352657454531393926190957860867963360"
            },
            "target": {
                "file": "ext/json/ext/generator/generator.c",
                "function": "fstrndup"
            }
        },
        {
            "id": "CVE-2017-14064-bb2df37f",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "203126428726097578240407651447407768962",
                    "193928348062049476056199914767292540998",
                    "18992539843680518976943110175587805218",
                    "318507856882490173243287007951430614995",
                    "331377055305598866239756616680018855666",
                    "178811035994741578769452089321787285767",
                    "203432646838676032209194061565332159502",
                    "79145566861867884141474191602216982759",
                    "14118550392830535240411748288371500960",
                    "141107907040637505627201232328272113840",
                    "4488029395062862805420548455971309090",
                    "216554920298105624124125028082587199942",
                    "58217186119402190294095398429532077133",
                    "154268555576477752669255655074285455849",
                    "116938978129615895259416110858600871365",
                    "26272765290950953135327040711027961691",
                    "42657249236710796016958936661343165221",
                    "187518194052195544513889556210237749823",
                    "335178387273758271688706615039113585731",
                    "59048560601979423467278544029286927301",
                    "12602922004186724451618902428544806050",
                    "211868815879659581706041366009915183192",
                    "173310494673434350338619270441623270086",
                    "275663103391244767528307132844466520875"
                ]
            },
            "target": {
                "file": "ext/json/ext/generator/generator.c"
            }
        },
        {
            "id": "CVE-2017-14064-ffa02b53",
            "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "length": 448.0,
                "function_hash": "221211380026251280885482296555216767330"
            },
            "target": {
                "file": "ext/json/ext/generator/generator.c",
                "function": "cState_space_before_set"
            }
        }
    ]
}