CVE-2017-6181

Published: Apr 3, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.

Affected (1)

Products: Ruby Lang: Ruby

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Version 2.4.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/97304

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.ruby-lang.org/issues/13234

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/97304

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.ruby-lang.org/issues/13234

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.