PublicDateAtUSN: 2017-08-31
Candidate: CVE-2017-14064
PublicDate: 2017-08-31 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14064
 https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/
 https://hackerone.com/reports/209949
 https://ubuntu.com/security/notices/USN-3439-1
 https://ubuntu.com/security/notices/USN-3528-1
 https://ubuntu.com/security/notices/USN-3685-1
Description:
 Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
 arbitrary memory during a JSON.generate call. The issue lies in using strdup
 in ext/json/ext/generator/generator.c, which will stop after encountering a
 '\0' byte, returning a pointer to a string of length zero, which is not the
 length stored in space_len.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.ruby-lang.org/issues/13853
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873906
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_ruby1.9.1:
 upstream: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
upstream_ruby1.9.1: needs-triage
precise/esm_ruby1.9.1: DNE
trusty_ruby1.9.1: released (1.9.3.484-2ubuntu1.5)
trusty/esm_ruby1.9.1: DNE (trusty was released [1.9.3.484-2ubuntu1.5])
vivid/ubuntu-core_ruby1.9.1: DNE
xenial_ruby1.9.1: DNE
zesty_ruby1.9.1: DNE
artful_ruby1.9.1: DNE
bionic_ruby1.9.1: DNE
devel_ruby1.9.1: DNE

Patches_ruby2.0:
upstream_ruby2.0: needs-triage
precise/esm_ruby2.0: DNE
trusty_ruby2.0: released (2.0.0.484-1ubuntu2.10)
trusty/esm_ruby2.0: DNE (trusty was released [2.0.0.484-1ubuntu2.10])
vivid/ubuntu-core_ruby2.0: DNE
xenial_ruby2.0: DNE
zesty_ruby2.0: DNE
artful_ruby2.0: DNE
bionic_ruby2.0: DNE
devel_ruby2.0: DNE

Patches_ruby2.3:
upstream_ruby2.3: needs-triage
precise/esm_ruby2.3: DNE
trusty_ruby2.3: DNE
trusty/esm_ruby2.3: DNE
vivid/ubuntu-core_ruby2.3: DNE
xenial_ruby2.3: released (2.3.1-2~16.04.5)
esm-infra/xenial_ruby2.3: released (2.3.1-2~16.04.5)
zesty_ruby2.3: ignored (reached end-of-life)
artful_ruby2.3: released (2.3.3-1ubuntu1.2)
bionic_ruby2.3: DNE
devel_ruby2.3: DNE