RubySec

Providing security resources for the Ruby community

CVE-2017-15928 (ox): ox ruby gem segmentation fault via parse_obj

GEM

ox

SEVERITY

CVSS v3: 7.5

CVSS v2: 5.0

PATCHED VERSIONS

  • >= 2.8.1

DESCRIPTION

In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated “Ox should handle the error more gracefully” but has not confirmed a security implication.
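
A check a project can run against its own Gemfile.lock, using the PATCHED VERSIONS value above. This is an added example, not code from the RubySec advisory or the Ox project; the lockfile text and the gem name `example_xml_tool` are constructed for illustration.

```ruby
require "rubygems"

# Patched range copied from the advisory's PATCHED VERSIONS field.
OX_PATCHED = Gem::Requirement.new(">= 2.8.1")

# Collect the resolved versions of gem_name from the "specs:" blocks of a
# Gemfile.lock. Resolved gems are indented four spaces; their dependency
# constraints (six spaces) and the DEPENDENCIES section are ignored.
def locked_versions(lockfile_text, gem_name)
  versions = []
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/            # a new top-level section ends the specs block
      in_specs = false
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\s*\z/))
      versions << m[2].split("-").first if m[1] == gem_name  # drop any platform suffix
    end
  end
  versions
end

# One finding per locked ox version, marked patched or not.
def ox_findings(lockfile_text)
  locked_versions(lockfile_text, "ox").map do |v|
    { version: v, patched: OX_PATCHED.satisfied_by?(Gem::Version.new(v)) }
  end
end

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_xml_tool (0.1.0)
        ox (>= 2.0)
      ox (2.8.0)

  DEPENDENCIES
    example_xml_tool
LOCK

ox_findings(SAMPLE_LOCK).each do |f|
  status = f[:patched] ? "patched" : "NOT patched (CVE-2017-15928), upgrade to >= 2.8.1"
  puts "ox #{f[:version]}: #{status}"
end
```

To scan a real project, pass `File.read("Gemfile.lock")` to `ox_findings` instead of the sample.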