CVE-2018-1000201

Severity CVSS v4.0:
Pending analysis
Type:
CWE-426 Untrusted Search Path
Publication date:
22/06/2018
Last modified:
13/08/2018

Description

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ruby-ffi_project:ruby-ffi:*:*:*:*:*:*:*:* 1.9.23 (including)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*