CVE-2017-14064

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14064.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-14064
Downstream
Related
Published
2017-08-31T17:29:00Z
Modified
2025-10-15T08:46:29.904503Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

References

Affected packages

Git / github.com/ruby/json

Affected ranges

Type
GIT
Repo
https://github.com/ruby/json
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8f782fd8e181d9cfe9387ded43a5ca9692266b85
Type
GIT
Repo
https://github.com/ruby/ruby
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Affected versions

v1.*

v1.1.8
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.4-java
v1.4.5
v1.4.6
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.8.0
v1.8.1
v1.8.2
v1.8.3

v2.*

v2.0.0
v2.0.1
v2.0.2

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "function": "cState_array_nl_set",
            "file": "ext/json/ext/generator/generator.c"
        },
        "digest": {
            "function_hash": "333850170000569990630816245825851334286",
            "length": 412.0
        },
        "id": "CVE-2017-14064-081830d4"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "function": "cState_indent_set",
            "file": "ext/json/ext/generator/generator.c"
        },
        "digest": {
            "function_hash": "148811423845304250804089795861570238355",
            "length": 436.0
        },
        "id": "CVE-2017-14064-3bbe9110"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "function": "cState_object_nl_set",
            "file": "ext/json/ext/generator/generator.c"
        },
        "digest": {
            "function_hash": "235138498165329040769513923872404799455",
            "length": 413.0
        },
        "id": "CVE-2017-14064-44119ad3"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "function": "cState_space_set",
            "file": "ext/json/ext/generator/generator.c"
        },
        "digest": {
            "function_hash": "231212006610800307331410088410461672189",
            "length": 434.0
        },
        "id": "CVE-2017-14064-49101875"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "file": "ext/json/ext/generator/generator.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "120904374308355083734111949005929042523",
                "26452857847874449151212129149641036903"
            ]
        },
        "id": "CVE-2017-14064-6910d9a7"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "function": "fstrndup",
            "file": "ext/json/ext/generator/generator.c"
        },
        "digest": {
            "function_hash": "178352657454531393926190957860867963360",
            "length": 207.0
        },
        "id": "CVE-2017-14064-709f6fe5"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "file": "ext/json/ext/generator/generator.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "203126428726097578240407651447407768962",
                "193928348062049476056199914767292540998",
                "18992539843680518976943110175587805218",
                "318507856882490173243287007951430614995",
                "331377055305598866239756616680018855666",
                "178811035994741578769452089321787285767",
                "203432646838676032209194061565332159502",
                "79145566861867884141474191602216982759",
                "14118550392830535240411748288371500960",
                "141107907040637505627201232328272113840",
                "4488029395062862805420548455971309090",
                "216554920298105624124125028082587199942",
                "58217186119402190294095398429532077133",
                "154268555576477752669255655074285455849",
                "116938978129615895259416110858600871365",
                "26272765290950953135327040711027961691",
                "42657249236710796016958936661343165221",
                "187518194052195544513889556210237749823",
                "335178387273758271688706615039113585731",
                "59048560601979423467278544029286927301",
                "12602922004186724451618902428544806050",
                "211868815879659581706041366009915183192",
                "173310494673434350338619270441623270086",
                "275663103391244767528307132844466520875"
            ]
        },
        "id": "CVE-2017-14064-bb2df37f"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/ruby/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
        "signature_version": "v1",
        "target": {
            "function": "cState_space_before_set",
            "file": "ext/json/ext/generator/generator.c"
        },
        "digest": {
            "function_hash": "221211380026251280885482296555216767330",
            "length": 448.0
        },
        "id": "CVE-2017-14064-ffa02b53"
    }
]