{"id":"CVE-2017-14033","details":"The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.","aliases":["GHSA-v6rp-3r3v-hf4p"],"modified":"2026-05-15T05:33:46.259052Z","published":"2017-09-19T17:29:00.327Z","related":["SUSE-SU-2020:1570-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1042004"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100868"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039363"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0378"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0583"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0585"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-18"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4031"},{"type":"ADVISORY","url":"https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"},{"type":"FIX","url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"},{"type":"FIX","url":"https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/ruby","events":[{"introduced":"0"},{"last_affected":"7393bf6a5cfff63683f36535e293caaa0d4c5be0"},{"last_affected":"ac98aa3101ae3cf09c3bb318e22b72404150f106"},{"last_affected":"2e968a23387c3255379a9bf91f3ecdafb01d940d"},{"last_affected":"050b43acced48e2699f4c57df65e207da4f0aa5a"},{"last_affected":"10bc9b85cba61af65dea858a2952ae04126a5d4d"},{"last_affected":"a9721a259665149b1b9ff0beabcf5f8dc0136120"},{"last_affected":"b8c7ea548aa8fb5f3c399a00ce877d3431c27a01"},{"last_affected":"9081c2c61ac9f7f9bdcbf054f33b2dc42740e85f"},{"last_affected":"449169fd8cfe4253381c40f595097ed50932bdae"},{"last_affected":"1c091e34809d91cb7e9ab4518a99e07f30b7fbd1"},{"last_affected":"530165c2948c3eed741db5659f7b937270caa46a"},{"last_affected":"d40ea2afa6ff5a6e5befcf342fb7b6dc58796b20"},{"last_affected":"9993701c7d3d83e24699177fef3238d8bf7bbbab"},{"last_affected":"e3434401aca2e331132652d4458366267e8cf378"},{"last_affected":"5827d8e887d881eb3a6e6ea7410590261c90545f"},{"last_affected":"9d222264d5e6a2dcac5aceafb5742a65e53dc513"},{"last_affected":"c91cb76f8d84b2963f6ede2ef445ad46a6104216"},{"last_affected":"4bd69735af901266ec21486243fc206030caa6b9"},{"last_affected":"d4bb726b713658f56e630b6cf817a0155b6f390e"},{"last_affected":"8183c0532207ad0a9b9f99b659116218a9fa132b"},{"last_affected":"e11c22602af69e8139ec0649bb39f5a66d1e66a1"},{"last_affected":"81234c5ecaab58e03e346ebdbf5678e4b8a3db55"},{"last_affected":"55b2febff000595e6c5d8120ccb888855b7edb6f"},{"last_affected":"820605ba3c10b9f4dafc4e5d6e09765b8b31cbea"}],"database_specific":{"cpe":["cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*","cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.2.0"},{"last_affected":"2.2.0-preview1"},{"last_affected":"2.2.0-preview2"},{"last_affected":"2.2.0-rc1"},{"last_affected":"2.2.1"},{"last_affected":"2.2.2"},{"last_affected":"2.2.3"},{"last_affected":"2.2.4"},{"last_affected":"2.2.5"},{"last_affected":"2.2.6"},{"last_affected":"2.2.7"},{"last_affected":"2.3.0"},{"last_affected":"2.3.0-preview1"},{"last_affected":"2.3.0-preview2"},{"last_affected":"2.3.1"},{"last_affected":"2.3.2"},{"last_affected":"2.3.3"},{"last_affected":"2.3.4"},{"last_affected":"2.4.0"},{"last_affected":"2.4.0-preview1"},{"last_affected":"2.4.0-preview2"},{"last_affected":"2.4.0-preview3"},{"last_affected":"2.4.0-rc1"},{"last_affected":"2.4.1"}]}}],"versions":["v2_3_4","v2_2_7","v2_4_1","v2_4_0","v2_4_0_rc1","v2_3_3","v2_2_6","v2_3_2","v2_4_0_preview3","v2_4_0_preview2","v2_4_0_preview1","v2_2_5","v2_3_1","v2_3_0","v2_2_4","v2_3_0_preview2","v2_3_0_preview1","v2_2_3","v2_2_2","v2_2_1","v2_2_0","v2_2_0_rc1","v2_2_0_preview2","v2_2_0_preview1","v1_0_r2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14033.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}