CVE-2017-10784

Name: CVE-2017-10784
Description: The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1113-1, DLA-1114-1, DLA-1421-1, DSA-4031-1
NVD severity: high (attack range: remote)
Debian Bugs: 875931

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     Release             Version           Status
ruby2.1 (PTS)      jessie              2.1.5-2+deb8u3    vulnerable
                   jessie (security)   2.1.5-2+deb8u5    fixed
ruby2.3 (PTS)      stretch             2.3.3-1+deb9u2    fixed
                   stretch (security)  2.3.3-1+deb9u3    fixed

The information below is based on the following data on fixed versions.

Package    Type    Release     Fixed Version          Urgency  Origin      Debian Bugs
ruby1.8    source  (unstable)  (unfixed)              high
ruby1.8    source  wheezy      1.8.7.358-7.1+deb7u4   high     DLA-1113-1
ruby1.9.1  source  (unstable)  (unfixed)              high
ruby1.9.1  source  wheezy      1.9.3.194-8.1+deb7u6   high     DLA-1114-1
ruby2.1    source  (unstable)  (unfixed)              high
ruby2.1    source  jessie      2.1.5-2+deb8u4         high     DLA-1421-1
ruby2.3    source  (unstable)  2.3.5-1                high                 875931
ruby2.3    source  stretch     2.3.3-1+deb9u2         high     DSA-4031-1

Notes

https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
https://github.com/ruby/ruby/commit/6617c41292b7d1e097abb8fdb0cab9ddd83c77e7
https://hackerone.com/reports/223363
