CVE-2017-11465 in Rubyinfo

Summary

The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

07/19/2017

Disclosure

07/19/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
104093	Ruby UTF-8 parser_tokadd_utf8 out-of-bounds	125	Not defined	Not defined	CVE-2017-11465

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!