CVE 2017-14064
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- MISC: https://bugs.ruby-lang...
- MISC: https://github.com/flo...
- MISC: https://hackerone.com/...
- SECTRACK: 1039363
- CONFIRM: https://www.ruby-lang....
- CONFIRM: https://www.ruby-lang....
- BID: 100890
- GENTOO: GLSA-201710-18
- DEBIAN: DSA-3966
- REDHAT: RHSA-2017:3485
- REDHAT: RHSA-2018:0378
- REDHAT: RHSA-2018:0583
- REDHAT: RHSA-2018:0585
- UBUNTU: USN-3685-1
- MLIST: [debian-lts-announce] ...
- SECTRACK: 1042004
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)