{"id":"CVE-2017-0898","details":"Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.","modified":"2026-05-30T08:41:12.125307Z","published":"2017-09-15T19:29:00.190Z","related":["SUSE-SU-2020:1570-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"type":"WEB","url":"https://usn.ubuntu.com/3685-1/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100862"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039363"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3485"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-18"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4031"},{"type":"ADVISORY","url":"https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"},{"type":"EVIDENCE","url":"https://github.com/mruby/mruby/issues/3722"},{"type":"EVIDENCE","url":"https://hackerone.com/reports/212241"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/ruby","events":[{"introduced":"0"},{"last_affected":"7393bf6a5cfff63683f36535e293caaa0d4c5be0"},{"last_affected":"10bc9b85cba61af65dea858a2952ae04126a5d4d"},{"last_affected":"a9721a259665149b1b9ff0beabcf5f8dc0136120"},{"last_affected":"b8c7ea548aa8fb5f3c399a00ce877d3431c27a01"},{"last_affected":"9081c2c61ac9f7f9bdcbf054f33b2dc42740e85f"},{"last_affected":"449169fd8cfe4253381c40f595097ed50932bdae"},{"last_affected":"1c091e34809d91cb7e9ab4518a99e07f30b7fbd1"},{"last_affected":"530165c2948c3eed741db5659f7b937270caa4
6a"},{"last_affected":"d40ea2afa6ff5a6e5befcf342fb7b6dc58796b20"},{"last_affected":"5827d8e887d881eb3a6e6ea7410590261c90545f"},{"last_affected":"9d222264d5e6a2dcac5aceafb5742a65e53dc513"},{"last_affected":"c91cb76f8d84b2963f6ede2ef445ad46a6104216"},{"last_affected":"4bd69735af901266ec21486243fc206030caa6b9"},{"last_affected":"d4bb726b713658f56e630b6cf817a0155b6f390e"},{"last_affected":"820605ba3c10b9f4dafc4e5d6e09765b8b31cbea"}],"database_specific":{"cpe":["cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"0"},{"last_affected":"2.2.0"},{"last_affected":"2.2.1"},{"last_affected":"2.2.2"},{"last_affected":"2.2.3"},{"last_affected":"2.2.4"},{"last_affected":"2.2.5"},{"last_affected":"2.2.6"},{"last_affected":"2.2.7"},{"last_affected":"2.3.0"},{"last_affected":"2.3.1"},{"last_affected":"2.3.2"},{"last_affected":"2.3.3"},{"last_affected":"2.3.4"},{"last_affected":"2.4.0"},{"last_affected":"2.4.1"}]}}],"versions":["v2_3_4","v2_2_7","v2_4_1","v2_4_0","v2_3_3","v2_2_6","v2_3_2","v2_2_5","v2_3_1","v2_3_0","v2_2_4","v2_2_3","v2_2_2","v2_2_1","v2_2_0","v2_2_0_rc1","v1_0_r2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-0898.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/
PR:N/UI:N/S:U/C:H/I:N/A:H"}]}