GCVE - cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*

part: a version: 2.2.0 update: *

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.610092
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.610094

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-14033`	vulnerable	2026-06-03 14:36:38.362174	Details available The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. Published: 2017-09-19T17:00:00.000Z Updated: 2024-08-05T19:13:41.487Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2018:0585 https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/ https://access.redhat.com/errata/RHSA-2018:0378 http://www.securitytracker.com/id/1042004 https://www.debian.org/security/2017/dsa-4031	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-0898`	vulnerable	2026-06-03 14:36:19.558683	Details available Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Published: 2017-09-15T19:00:00.000Z Updated: 2024-09-17T01:36:46.258Z Open on db.gcve.eu Reference links https://usn.ubuntu.com/3685-1/ https://hackerone.com/reports/212241 https://access.redhat.com/errata/RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0378 https://www.debian.org/security/2017/dsa-4031	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7551`	vulnerable	2026-06-03 14:35:09.351038	Details available The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. Published: 2016-03-24T01:00:00.000Z Updated: 2024-08-06T07:51:28.515Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html https://support.apple.com/HT206167 https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3900`	vulnerable	2026-06-03 14:34:50.679331	Details available RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." Published: 2015-06-24T14:00:00.000Z Updated: 2024-08-06T05:56:16.332Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2015-1657.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html http://www.openwall.com/lists/oss-security/2015/06/26/2 https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.