CVE-2018-1000201

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000201

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000201.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000201

Aliases

GHSA-2gw2-8q9w-cw8p

Published

2018-06-22T18:29:00.217Z

Modified

2026-03-14T09:25:46.235760Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.

References

Affected packages

Git / github.com/ffi/ffi

Affected ranges

Type

GIT

Repo

https://github.com/ffi/ffi

Events

Introduced

Last affected

eba81d933a84263aedefe17021c7ce8ed0b5b215

Fixed

09e0c6076466b4383da7fa4e13f714311109945a

Fixed

e0fe486df0e117ed67b0282b6ada04b7214ca05c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.23"
        }
    ]
}

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.3.1

0.3.2

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

1.*

1.0.0

1.0.1

1.0.10

1.0.12.pre

1.0.12rc3

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.0rc1

1.1.0rc2

1.1.0rc3

1.1.1

1.1.1.rc1

1.1.1.rc2

1.2.0

1.2.0.dev3

1.2.0.dev4

1.2.0.pre2

1.2.0.pre4

1.2.0.pre6

1.3.0

1.3.1

1.4.0

1.5.0

1.6.0

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.9.10

1.9.11

1.9.12

1.9.13

1.9.14

1.9.15

1.9.16

1.9.17

1.9.18

1.9.19

1.9.2

1.9.20

1.9.21

1.9.22

1.9.23

1.9.23.pre1

1.9.3

1.9.4

1.9.5

1.9.7

1.9.8

1.9.9

v1.*

v1.9.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000201.json"