High severity7.8NVD Advisory· Published Jun 22, 2018· Updated Jun 17, 2026
CVE-2018-1000201
CVE-2018-1000201
Description
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ffiRubyGems | < 1.9.24 | 1.9.24 |
Affected products
1Patches
Vulnerability mechanics
References
6- github.com/ffi/ffi/commit/09e0c6076466b4383da7fa4e13f714311109945anvdPatchThird Party AdvisoryWEB
- github.com/ffi/ffi/commit/e0fe486df0e117ed67b0282b6ada04b7214ca05cnvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-2gw2-8q9w-cw8pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1000201ghsaADVISORY
- github.com/ffi/ffi/releases/tag/1.9.24ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ffi/CVE-2018-1000201.ymlghsaWEB
News mentions
0No linked articles in our index yet.