RubySec

Providing security resources for the Ruby community

CVE-2017-15364 (ccsv): ccsv Double Free vulnerability

GEM

ccsv

SEVERITY

CVSS v3.x: 5.5 (Medium)

PATCHED VERSIONS

None.

DESCRIPTION

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file.
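
Because no patched version is listed, any locked release of ccsv is of interest. The following is an added example, not part of the advisory or of the ccsv project: it parses a Gemfile.lock and reports whether ccsv is locked and which gems pull it in. The sample lockfile is constructed, and `report_importer`, `parse_lock_specs` and `audit_lockfile` are hypothetical names.

```ruby
require "set"

ADVISORY_GEM = "ccsv" # gem named in the advisory; patched versions: none

# Constructed sample lockfile; "report_importer" is a hypothetical gem.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ccsv (1.1.0)
      rake (13.0.6)
      report_importer (0.3.0)
        ccsv (>= 0.1)

  DEPENDENCIES
    rake
    report_importer
LOCK

# Parse every "specs:" block into { name => { version:, deps: [names] } }.
def parse_lock_specs(lock_text)
  specs = {}
  current = nil
  in_specs = false
  lock_text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false # a new top-level section ends the specs block
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      current = m[1] # 4-space indent: a locked gem and its version
      specs[current] = { version: m[2], deps: [] }
    elsif in_specs && current && (m = line.match(/\A {6}(\S+)/))
      specs[current][:deps] << m[1] # 6-space indent: a dependency of it
    end
  end
  specs
end

# Return nil if the gem is not locked, else its version and every gem that
# depends on it directly or transitively.
def audit_lockfile(lock_text, gem_name = ADVISORY_GEM)
  specs = parse_lock_specs(lock_text)
  return nil unless specs.key?(gem_name)
  affected = Set[gem_name]
  loop do
    added = specs.keys.select { |n| !affected.include?(n) && specs[n][:deps].any? { |d| affected.include?(d) } }
    break if added.empty?
    affected.merge(added)
  end
  { version: specs[gem_name][:version], pulled_in_by: (affected - [gem_name]).sort }
end

p audit_lockfile(SAMPLE_LOCK)
```

To audit a real project, pass `File.read("Gemfile.lock")` instead of the sample; a non-nil result means ccsv is in the dependency graph and the listed gems reach it.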