Medium severity5.5NVD Advisory· Published Oct 15, 2017· Updated May 13, 2026
CVE-2017-15364
CVE-2017-15364
Description
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ccsvRubyGems | <= 1.1.0 | — |
Affected products
1- cpe:2.3:a:ccsv_project:ccsv:1.1.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-5gxp-c379-pj42ghsaADVISORY
- github.com/evan/ccsv/issues/15nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-15364ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ccsv/CVE-2017-15364.ymlghsaWEB
- github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbdnvd
- github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1nvd
News mentions
0No linked articles in our index yet.