CVE-2017-11465

Published: 7/19/2017 Last updated: 9/16/2024 Reserved: 7/19/2017

The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-ruby

Products affected (1)

Product	Vendor	Version
n/a	n/a	= 6.06

References (4)

https://bugs.ruby-lang.org/issues/13742
https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344
https://bugs.ruby-lang.org/issues/13742
https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344