GCVE - cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*

part: a version: 2.3.1 update: *

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.610138
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.610139

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-14064`	vulnerable	2026-06-03 14:36:38.400621	Details available Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Published: 2017-08-31T17:00:00.000Z Updated: 2024-08-05T19:13:41.685Z Open on db.gcve.eu Reference links https://usn.ubuntu.com/3685-1/ https://access.redhat.com/errata/RHSA-2018:0585 https://www.debian.org/security/2017/dsa-3966 https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/ https://access.redhat.com/errata/RHSA-2018:0378	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14033`	vulnerable	2026-06-03 14:36:38.369397	Details available The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. Published: 2017-09-19T17:00:00.000Z Updated: 2024-08-05T19:13:41.487Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2018:0585 https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/ https://access.redhat.com/errata/RHSA-2018:0378 http://www.securitytracker.com/id/1042004 https://www.debian.org/security/2017/dsa-4031	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-10784`	vulnerable	2026-06-03 14:36:27.087628	Details available The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. Published: 2017-09-19T17:00:00.000Z Updated: 2024-08-05T17:50:11.932Z Open on db.gcve.eu Reference links https://usn.ubuntu.com/3685-1/ https://access.redhat.com/errata/RHSA-2018:0585 https://usn.ubuntu.com/3528-1/ http://www.securityfocus.com/bid/100853 https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-0898`	vulnerable	2026-06-03 14:36:19.563166	Details available Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Published: 2017-09-15T19:00:00.000Z Updated: 2024-09-17T01:36:46.258Z Open on db.gcve.eu Reference links https://usn.ubuntu.com/3685-1/ https://hackerone.com/reports/212241 https://access.redhat.com/errata/RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0378 https://www.debian.org/security/2017/dsa-4031	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.