CVE-2017-15364 (ccsv): ccsv Double Free vulnerability

ccsv Double Free vulnerability

Published: May 17, 2022

SECURITY IDENTIFIERS

CVE: CVE-2017-15364 (NVD)
GHSA: GHSA-5gxp-c379-pj42
Vendor Advisory: https://github.com/evan/ccsv/issues/15

GEM

ccsv

SEVERITY

CVSS v3.x: 5.5 (Medium)

PATCHED VERSIONS

None available.

DESCRIPTION

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file.

RubySec