ruby-ffi DDL loading issue on Windows OS
Published: June 22, 2018
SECURITY IDENTIFIERS
- CVE: CVE-2018-1000201 (NVD)
- GHSA: GHSA-2gw2-8q9w-cw8p
- Vendor Advisory: https://github.com/ffi/ffi/releases/tag/1.9.24
GEM
SEVERITY
PATCHED VERSIONS
>= 1.9.24
DESCRIPTION
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.