CVE-2017-14033

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

References

Affected packages

Git / github.com/ruby/ruby

Affected ranges

Type: GIT
Repo: https://github.com/ruby/ruby
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

050b43acced48e2699f4c57df65e207da4f0aa5a

Last affected

10bc9b85cba61af65dea858a2952ae04126a5d4d

Last affected

1c091e34809d91cb7e9ab4518a99e07f30b7fbd1

Last affected

2e968a23387c3255379a9bf91f3ecdafb01d940d

Last affected

449169fd8cfe4253381c40f595097ed50932bdae

Last affected

4bd69735af901266ec21486243fc206030caa6b9

Last affected

530165c2948c3eed741db5659f7b937270caa46a

Last affected

55b2febff000595e6c5d8120ccb888855b7edb6f

Last affected

5827d8e887d881eb3a6e6ea7410590261c90545f

Last affected

7393bf6a5cfff63683f36535e293caaa0d4c5be0

Last affected

81234c5ecaab58e03e346ebdbf5678e4b8a3db55

Last affected

8183c0532207ad0a9b9f99b659116218a9fa132b

Last affected

820605ba3c10b9f4dafc4e5d6e09765b8b31cbea

Last affected

9081c2c61ac9f7f9bdcbf054f33b2dc42740e85f

Last affected

9993701c7d3d83e24699177fef3238d8bf7bbbab

Last affected

9d222264d5e6a2dcac5aceafb5742a65e53dc513

Last affected

a9721a259665149b1b9ff0beabcf5f8dc0136120

Last affected

ac98aa3101ae3cf09c3bb318e22b72404150f106

Last affected

b8c7ea548aa8fb5f3c399a00ce877d3431c27a01

Last affected

c91cb76f8d84b2963f6ede2ef445ad46a6104216

Last affected

d40ea2afa6ff5a6e5befcf342fb7b6dc58796b20

Last affected

d4bb726b713658f56e630b6cf817a0155b6f390e

Last affected

e11c22602af69e8139ec0649bb39f5a66d1e66a1

Last affected

e3434401aca2e331132652d4458366267e8cf378

Affected versions

Other

v1_0_r2

v2_2_0_rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14033.json"