Vulnerability Change Records for CVE-2017-0898

Change History

CVE Modified by HackerOne 10/18/2017 9:30:21 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201710-18 [No Types Assigned]

CVE Modified by HackerOne 10/09/2019 7:21:09 PM

Action Type Old Value New Value
Added CWE

								
							
							
						
HackerOne CWE-134

CVE Modified by HackerOne 3/27/2018 9:29:06 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0583 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0585 [No Types Assigned]

CVE Modified by HackerOne 7/14/2018 9:29:01 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html [No Types Assigned]

CVE Modified by HackerOne 12/19/2017 9:29:01 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2017:3485 [No Types Assigned]

CVE Modified by HackerOne 9/21/2017 9:29:24 PM

Action Type Old Value New Value
Changed Description
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leakage of its heap by the malicious specification of the format of sprintf method. If a script allows to accept any format from the outside, there is a risk to be spied the contents of the heap.
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

CVE Modified by HackerOne 9/19/2017 9:29:02 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/100862 [No Types Assigned]

CVE Modified by HackerOne 6/15/2018 9:29:01 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://usn.ubuntu.com/3685-1/ [No Types Assigned]

CVE Modified by HackerOne 11/12/2017 9:29:00 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.debian.org/security/2017/dsa-4031 [No Types Assigned]

CVE Modified by HackerOne 9/16/2017 9:29:05 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1039363 [No Types Assigned]

CVE Modified by HackerOne 3/01/2018 9:29:00 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2018:0378 [No Types Assigned]