High severity7.5NVD Advisory· Published Oct 27, 2017· Updated May 13, 2026
CVE-2017-15928
CVE-2017-15928
Description
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
oxRubyGems | < 2.8.1 | 2.8.1 |
Affected products
1- cpe:2.3:a:ox_project:ox:2.8.0:*:*:*:*:ruby:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/ohler55/ox/issues/194nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-pjj4-w39g-pw54ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-15928ghsaADVISORY
- rubygems.org/gems/ox/versions/2.8.0nvdVendor AdvisoryWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ox/CVE-2017-15928.ymlghsaWEB
News mentions
0No linked articles in our index yet.