CVE-2017-15364: ccsv Double Free vulnerability
CVSS Score: 5.5 (CVSS version 3.0)
Basic Information
CVE ID: CVE-2017-15364
GHSA ID:
EPSS Score: 0.66911%
CWE: CWE-415
Published: 5/17/2022
Updated: 3/6/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ccsv | rubygems | <= 1.1.0 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
- Multiple sources (CVE, GHSA, ruby-advisory-db) explicitly identify the foreach function in ext/ccsv.c as the vulnerability location.
- The crash backtrace shows memory corruption in ccsv.so with a double free pattern.
- The vulnerability manifests specifically during CSV parsing operations handled by this function.
- The CWE-415 classification confirms the double free pattern matches the observed behavior.
- Though no patch is available, the reproduction case and technical details in Issue #15 demonstrate the function's flawed memory management logic.