CVE-2017-15364

MEDIUM

Ccsv - Double Free

Title source: rule

Description

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.

References (3)

[Third Party Advisory] https://github.com/evan/ccsv/issues/15

[Patch] https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd

[Patch] https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1#diff-e39824a4819928ff248d5e90a12d1b311db2923907171cdc0ad7058da12244d9R224

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0027

EPSS Percentile 50.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-415

Status draft

Affected Products (2)

ccsv_project/ccsv

rubygems/ccsv RubyGems

Timeline

Published Oct 15, 2017

Tracked Since Feb 18, 2026