CVE-2018-16396

Published: Nov 16, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

Affected (16)

Products: Ruby Lang: Ruby · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Ruby Lang: Ruby · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Enterprise Linux

1 product

1 product

1 product

1 product

Enterprise Linux

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	From 2.3.0 to 2.3.7
Ruby Lang Ruby	From 2.4.0 to 2.4.4
Ruby Lang Ruby	From 2.5.0 to 2.5.1
Ruby Lang Ruby	Version 2.6.0 preview1
Ruby Lang Ruby	Version 2.6.0 preview2

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 7.4
Redhat Enterprise Linux	Version 7.5
Redhat Enterprise Linux	Version 7.6

References (32)

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

Source: cve@mitre.org

http://www.securitytracker.com/id/1042106

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3729

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3730

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3731

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2028

Source: cve@mitre.org

https://hackerone.com/reports/385070

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190221-0002/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3808-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4332

Source: cve@mitre.org

Third Party Advisory

https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

Source: cve@mitre.org

Vendor Advisory

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/

Source: cve@mitre.org

Release Notes

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/

Source: cve@mitre.org

Release Notes

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/

Source: cve@mitre.org

Release Notes

https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/

Source: cve@mitre.org

Release Notes

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1042106

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3729

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3730

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3731

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2028

Source: af854a3a-2127-422b-91ae-364da2661108

https://hackerone.com/reports/385070

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190221-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3808-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4332

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.