Bug 1492015 (CVE-2017-0898) - CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
Summary: CVE-2017-0898 ruby: Buffer underrun vulnerability in Kernel.sprintf
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-0898
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1492016 1492017 1509448 1509449 1509450 1509451 1534437 1534438 1534937 1534941
Blocks: 1492024
TreeView+ depends on / blocked
 
Reported: 2017-09-15 09:34 UTC by Adam Mariš
Modified: 2021-02-17 01:29 UTC (History)
30 users (show)

Fixed In Version: ruby 2.2.8, ruby 2.3.5, ruby 2.4.2
Doc Type: If docs needed, set a value
Doc Text:
A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.
Clone Of:
Environment:
Last Closed: 2017-12-20 10:08:35 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:3485 0 normal SHIPPED_LIVE Moderate: rh-ruby24-ruby security, bug fix, and enhancement update 2017-12-19 13:37:01 UTC
Red Hat Product Errata RHSA-2018:0378 0 normal SHIPPED_LIVE Important: ruby security update 2018-03-01 01:06:17 UTC
Red Hat Product Errata RHSA-2018:0583 0 None None None 2018-03-26 09:46:14 UTC
Red Hat Product Errata RHSA-2018:0585 0 None None None 2018-03-26 10:24:21 UTC

Description Adam Mariš 2017-09-15 09:34:46 UTC 
There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier (*) is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash.

External References:

https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
Comment 1 Adam Mariš 2017-09-15 09:37:37 UTC 
Created ruby tracking bugs for this issue:

Affects: fedora-all [bug 1492016]


Created ruby193-ruby tracking bugs for this issue:

Affects: openshift-1 [bug 1492017]
Comment 2 Fedora Update System 2017-10-02 14:24:40 UTC 
ruby-2.4.2-84.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 errata-xmlrpc 2017-12-19 08:38:47 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2017:3485
Comment 7 Cedric Buissart 2017-12-20 10:08:52 UTC 
Statement:

This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Comment 10 errata-xmlrpc 2018-02-28 20:02:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0378
Comment 12 errata-xmlrpc 2018-03-26 09:46:01 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0583
Comment 13 errata-xmlrpc 2018-03-26 10:24:07 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS

Via RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2018:0585
Note You need to log in before you can comment on or make changes to this bug.