CVE-2018-1000201
Severity CVSS v4.0:
Pending analysis
Type:
CWE-426
Untrusted Search Path
Publication date:
22/06/2018
Last modified:
13/08/2018
Description
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ruby-ffi_project:ruby-ffi:*:*:*:*:*:*:*:* | 1.9.23 (including) | |
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page