
Vulnerability Details: CVE-2017-11465

The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2017-11465
  • Ruby-Lang » Ruby » Version: 2.4.1
    cpe:2.3:a:ruby-lang:ruby:2.4.1

