GCVE - cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*

part: a version: 2.2.3 update: *

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.610111
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.610112

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-14033`	vulnerable	2026-06-03 14:36:38.365480	Details available The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. Published: 2017-09-19T17:00:00.000Z Updated: 2024-08-05T19:13:41.487Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2018:0585 https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/ https://access.redhat.com/errata/RHSA-2018:0378 http://www.securitytracker.com/id/1042004 https://www.debian.org/security/2017/dsa-4031	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-0898`	vulnerable	2026-06-03 14:36:19.560254	Details available Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Published: 2017-09-15T19:00:00.000Z Updated: 2024-09-17T01:36:46.258Z Open on db.gcve.eu Reference links https://usn.ubuntu.com/3685-1/ https://hackerone.com/reports/212241 https://access.redhat.com/errata/RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0378 https://www.debian.org/security/2017/dsa-4031	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7551`	vulnerable	2026-06-03 14:35:09.352700	Details available The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. Published: 2016-03-24T01:00:00.000Z Updated: 2024-08-06T07:51:28.515Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html https://support.apple.com/HT206167 https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.