ID CVE-2018-16396
Summary An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
References
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:3729
  • rhsa
    id RHSA-2018:3730
  • rhsa
    id RHSA-2018:3731
  • rhsa
    id RHSA-2019:2028
rpms
  • rh-ruby23-ruby-0:2.3.8-69.el6
  • rh-ruby23-ruby-0:2.3.8-69.el7
  • rh-ruby23-ruby-debuginfo-0:2.3.8-69.el6
  • rh-ruby23-ruby-debuginfo-0:2.3.8-69.el7
  • rh-ruby23-ruby-devel-0:2.3.8-69.el6
  • rh-ruby23-ruby-devel-0:2.3.8-69.el7
  • rh-ruby23-ruby-doc-0:2.3.8-69.el6
  • rh-ruby23-ruby-doc-0:2.3.8-69.el7
  • rh-ruby23-ruby-irb-0:2.3.8-69.el6
  • rh-ruby23-ruby-irb-0:2.3.8-69.el7
  • rh-ruby23-ruby-libs-0:2.3.8-69.el6
  • rh-ruby23-ruby-libs-0:2.3.8-69.el7
  • rh-ruby23-ruby-tcltk-0:2.3.8-69.el6
  • rh-ruby23-ruby-tcltk-0:2.3.8-69.el7
  • rh-ruby23-rubygem-bigdecimal-0:1.2.8-69.el6
  • rh-ruby23-rubygem-bigdecimal-0:1.2.8-69.el7
  • rh-ruby23-rubygem-did_you_mean-0:1.0.0-69.el6
  • rh-ruby23-rubygem-did_you_mean-0:1.0.0-69.el7
  • rh-ruby23-rubygem-io-console-0:0.4.5-69.el6
  • rh-ruby23-rubygem-io-console-0:0.4.5-69.el7
  • rh-ruby23-rubygem-json-0:1.8.3.1-69.el6
  • rh-ruby23-rubygem-json-0:1.8.3.1-69.el7
  • rh-ruby23-rubygem-minitest-0:5.8.5-69.el6
  • rh-ruby23-rubygem-minitest-0:5.8.5-69.el7
  • rh-ruby23-rubygem-net-telnet-0:0.1.1-69.el6
  • rh-ruby23-rubygem-net-telnet-0:0.1.1-69.el7
  • rh-ruby23-rubygem-power_assert-0:0.2.6-69.el6
  • rh-ruby23-rubygem-power_assert-0:0.2.6-69.el7
  • rh-ruby23-rubygem-psych-0:2.1.0.1-69.el6
  • rh-ruby23-rubygem-psych-0:2.1.0.1-69.el7
  • rh-ruby23-rubygem-rake-0:10.4.2-69.el6
  • rh-ruby23-rubygem-rake-0:10.4.2-69.el7
  • rh-ruby23-rubygem-rdoc-0:4.2.1-69.el6
  • rh-ruby23-rubygem-rdoc-0:4.2.1-69.el7
  • rh-ruby23-rubygem-test-unit-0:3.1.5-69.el6
  • rh-ruby23-rubygem-test-unit-0:3.1.5-69.el7
  • rh-ruby23-rubygems-0:2.5.2.3-69.el6
  • rh-ruby23-rubygems-0:2.5.2.3-69.el7
  • rh-ruby23-rubygems-devel-0:2.5.2.3-69.el6
  • rh-ruby23-rubygems-devel-0:2.5.2.3-69.el7
  • rh-ruby24-ruby-0:2.4.5-91.el6
  • rh-ruby24-ruby-0:2.4.5-91.el7
  • rh-ruby24-ruby-debuginfo-0:2.4.5-91.el6
  • rh-ruby24-ruby-debuginfo-0:2.4.5-91.el7
  • rh-ruby24-ruby-devel-0:2.4.5-91.el6
  • rh-ruby24-ruby-devel-0:2.4.5-91.el7
  • rh-ruby24-ruby-doc-0:2.4.5-91.el6
  • rh-ruby24-ruby-doc-0:2.4.5-91.el7
  • rh-ruby24-ruby-irb-0:2.4.5-91.el6
  • rh-ruby24-ruby-irb-0:2.4.5-91.el7
  • rh-ruby24-ruby-libs-0:2.4.5-91.el6
  • rh-ruby24-ruby-libs-0:2.4.5-91.el7
  • rh-ruby24-rubygem-bigdecimal-0:1.3.2-91.el6
  • rh-ruby24-rubygem-bigdecimal-0:1.3.2-91.el7
  • rh-ruby24-rubygem-did_you_mean-0:1.1.0-91.el6
  • rh-ruby24-rubygem-did_you_mean-0:1.1.0-91.el7
  • rh-ruby24-rubygem-io-console-0:0.4.6-91.el6
  • rh-ruby24-rubygem-io-console-0:0.4.6-91.el7
  • rh-ruby24-rubygem-json-0:2.0.4-91.el6
  • rh-ruby24-rubygem-json-0:2.0.4-91.el7
  • rh-ruby24-rubygem-minitest-0:5.10.1-91.el6
  • rh-ruby24-rubygem-minitest-0:5.10.1-91.el7
  • rh-ruby24-rubygem-net-telnet-0:0.1.1-91.el6
  • rh-ruby24-rubygem-net-telnet-0:0.1.1-91.el7
  • rh-ruby24-rubygem-openssl-0:2.0.9-91.el6
  • rh-ruby24-rubygem-openssl-0:2.0.9-91.el7
  • rh-ruby24-rubygem-power_assert-0:0.4.1-91.el6
  • rh-ruby24-rubygem-power_assert-0:0.4.1-91.el7
  • rh-ruby24-rubygem-psych-0:2.2.2-91.el6
  • rh-ruby24-rubygem-psych-0:2.2.2-91.el7
  • rh-ruby24-rubygem-rake-0:12.0.0-91.el6
  • rh-ruby24-rubygem-rake-0:12.0.0-91.el7
  • rh-ruby24-rubygem-rdoc-0:5.0.0-91.el6
  • rh-ruby24-rubygem-rdoc-0:5.0.0-91.el7
  • rh-ruby24-rubygem-test-unit-0:3.2.3-91.el6
  • rh-ruby24-rubygem-test-unit-0:3.2.3-91.el7
  • rh-ruby24-rubygem-xmlrpc-0:0.2.1-91.el6
  • rh-ruby24-rubygem-xmlrpc-0:0.2.1-91.el7
  • rh-ruby24-rubygems-0:2.6.14.3-91.el6
  • rh-ruby24-rubygems-0:2.6.14.3-91.el7
  • rh-ruby24-rubygems-devel-0:2.6.14.3-91.el6
  • rh-ruby24-rubygems-devel-0:2.6.14.3-91.el7
  • rh-ruby25-ruby-0:2.5.3-6.el7
  • rh-ruby25-ruby-debuginfo-0:2.5.3-6.el7
  • rh-ruby25-ruby-devel-0:2.5.3-6.el7
  • rh-ruby25-ruby-doc-0:2.5.3-6.el7
  • rh-ruby25-ruby-irb-0:2.5.3-6.el7
  • rh-ruby25-ruby-libs-0:2.5.3-6.el7
  • rh-ruby25-rubygem-bigdecimal-0:1.3.4-6.el7
  • rh-ruby25-rubygem-did_you_mean-0:1.2.0-6.el7
  • rh-ruby25-rubygem-io-console-0:0.4.6-6.el7
  • rh-ruby25-rubygem-json-0:2.1.0-6.el7
  • rh-ruby25-rubygem-minitest-0:5.10.3-6.el7
  • rh-ruby25-rubygem-net-telnet-0:0.1.1-6.el7
  • rh-ruby25-rubygem-openssl-0:2.1.2-6.el7
  • rh-ruby25-rubygem-power_assert-0:1.1.1-6.el7
  • rh-ruby25-rubygem-psych-0:3.0.2-6.el7
  • rh-ruby25-rubygem-rake-0:12.3.0-6.el7
  • rh-ruby25-rubygem-rdoc-0:6.0.1-6.el7
  • rh-ruby25-rubygem-test-unit-0:3.2.7-6.el7
  • rh-ruby25-rubygem-xmlrpc-0:0.3.0-6.el7
  • rh-ruby25-rubygems-0:2.7.6-6.el7
  • rh-ruby25-rubygems-devel-0:2.7.6-6.el7
  • ruby-0:2.0.0.648-36.el7
  • ruby-debuginfo-0:2.0.0.648-36.el7
  • ruby-devel-0:2.0.0.648-36.el7
  • ruby-doc-0:2.0.0.648-36.el7
  • ruby-irb-0:2.0.0.648-36.el7
  • ruby-libs-0:2.0.0.648-36.el7
  • ruby-tcltk-0:2.0.0.648-36.el7
  • rubygem-bigdecimal-0:1.2.0-36.el7
  • rubygem-io-console-0:0.4.2-36.el7
  • rubygem-json-0:1.7.7-36.el7
  • rubygem-minitest-0:4.3.2-36.el7
  • rubygem-psych-0:2.0.0-36.el7
  • rubygem-rake-0:0.9.6-36.el7
  • rubygem-rdoc-0:4.0.0-36.el7
  • rubygems-0:2.0.14.1-36.el7
  • rubygems-devel-0:2.0.14.1-36.el7
  • ruby-0:2.0.0.648-37.el7_4
  • ruby-debuginfo-0:2.0.0.648-37.el7_4
  • ruby-devel-0:2.0.0.648-37.el7_4
  • ruby-doc-0:2.0.0.648-37.el7_4
  • ruby-irb-0:2.0.0.648-37.el7_4
  • ruby-libs-0:2.0.0.648-37.el7_4
  • ruby-tcltk-0:2.0.0.648-37.el7_4
  • rubygem-bigdecimal-0:1.2.0-37.el7_4
  • rubygem-io-console-0:0.4.2-37.el7_4
  • rubygem-json-0:1.7.7-37.el7_4
  • rubygem-minitest-0:4.3.2-37.el7_4
  • rubygem-psych-0:2.0.0-37.el7_4
  • rubygem-rake-0:0.9.6-37.el7_4
  • rubygem-rdoc-0:4.0.0-37.el7_4
  • rubygems-0:2.0.14.1-37.el7_4
  • rubygems-devel-0:2.0.14.1-37.el7_4
  • ruby-0:2.0.0.648-38.el7_6
  • ruby-debuginfo-0:2.0.0.648-38.el7_6
  • ruby-devel-0:2.0.0.648-38.el7_6
  • ruby-doc-0:2.0.0.648-38.el7_6
  • ruby-irb-0:2.0.0.648-38.el7_6
  • ruby-libs-0:2.0.0.648-38.el7_6
  • ruby-tcltk-0:2.0.0.648-38.el7_6
  • rubygem-bigdecimal-0:1.2.0-38.el7_6
  • rubygem-io-console-0:0.4.2-38.el7_6
  • rubygem-json-0:1.7.7-38.el7_6
  • rubygem-minitest-0:4.3.2-38.el7_6
  • rubygem-psych-0:2.0.0-38.el7_6
  • rubygem-rake-0:0.9.6-38.el7_6
  • rubygem-rdoc-0:4.0.0-38.el7_6
  • rubygems-0:2.0.14.1-38.el7_6
  • rubygems-devel-0:2.0.14.1-38.el7_6
refmap via4
confirm
debian DSA-4332
misc https://hackerone.com/reports/385070
mlist [debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update
sectrack 1042106
suse openSUSE-SU-2019:1771
ubuntu USN-3808-1
Last major update 03-10-2019 - 00:03
Published 16-11-2018 - 18:29
Last modified 03-10-2019 - 00:03