CVE-2017-14064 in Ubuntu

CVE-2017-14064

Priority

Description

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issues lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/
https://hackerone.com/reports/209949
https://ubuntu.com/security/notices/USN-3439-1
https://ubuntu.com/security/notices/USN-3528-1
https://ubuntu.com/security/notices/USN-3685-1

Bugs

https://bugs.ruby-lang.org/issues/13853
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873906

Notes

Package

Source: ruby1.9.1 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was released [1.9.3.484-2ubuntu1.5])

Patches:

Upstream:

https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85

Package

Source: ruby2.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was released [2.0.0.484-1ubuntu2.10])

Patches:

Package

Source: ruby2.3 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (2.3.1-2~16.04.5)
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 12:55:09 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)