
Ruby CVE-2018-8778 Arbitrary Memory Disclosure Vulnerability - robin0
https://coocoor.com/advisory/cve/CVE-2018-8778
======
aboutruby
[https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-
re...](https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-
cve-2018-8778/)

Affected Versions:

Ruby 2.2 series: 2.2.9 and earlier

Ruby 2.3 series: 2.3.6 and earlier

Ruby 2.4 series: 2.4.3 and earlier

Ruby 2.5 series: 2.5.0 and earlier

Ruby 2.6 series: 2.6.0-preview1

prior to trunk revision r62992

------
jonawesomegreen
[https://nvd.nist.gov/vuln/detail/CVE-2018-8778](https://nvd.nist.gov/vuln/detail/CVE-2018-8778)

Seems like the vulnerability is somewhat old with a published date of
04/03/2018\. Any reason this is coming up again today?

~~~
jeremy_k
[https://nvd.nist.gov/vuln/detail/CVE-2018-8778#VulnChangeHis...](https://nvd.nist.gov/vuln/detail/CVE-2018-8778#VulnChangeHistorySection)

Looks like someone added more information today

~~~
robin0
Thank you @Jeremy_k for pointing that out. Yes it a vulnerability from 2018.
It seems like they added couple of red hat distribution versions affected by
this vulnerability.

