Vulnerability Details : CVE-2017-15928
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.
Vulnerability category: Memory CorruptionInput validation
Products affected by CVE-2017-15928
- cpe:2.3:a:ox_project:ox:2.8.0:*:*:*:*:ruby:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15928
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15928
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-15928
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-15928
-
https://github.com/ohler55/ox/issues/194
Seg fault - parse_obj · Issue #194 · ohler55/ox · GitHubExploit;Third Party Advisory
-
https://rubygems.org/gems/ox/versions/2.8.0
ox | RubyGems.org | your community gem hostVendor Advisory
Jump to