Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2017-08-31 10:29
Updated : 2019-05-13 11:48
NVD link : CVE-2017-14064
Mitre link : CVE-2017-14064
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_workstation
- enterprise_linux_server_tus
- enterprise_linux_server_eus
- enterprise_linux_server
ruby-lang
- ruby
canonical
- ubuntu_linux
debian
- debian_linux