CVE-2018-1000075

Aliases:GHSA-74pv-v9gh-h25p

Advisory lineage Upstream: 0 Downstream: 22

Downstream

DEBIAN-CVE-2018-1000075 DLA-1336-1 DLA-1337-1 DLA-1358-1 DLA-1421-1 DLA-1796-1

Modified

Published: 13 Mar 2018, 15:00

Last modified:05 Aug 2024, 12:33

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.0 (nvd)

EPSS Score

1.76% LOW

2% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Mar 2018, 15:00

Published

Vulnerability first disclosed

05 Aug 2024, 12:33

Last Modified

Vulnerability information updated

Description

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.

CVSS Metrics

v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 1.76%• Percentile: 83%

Techniques & Countermeasures

CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

debian•debian_linux
7.0
RubyGems•rubygems-update
< 2.7.6
org.jruby•jruby-stdlib
< 9.1.16.0
rubygems•rubygems
≤ 2.2.9 | ≤ 2.3.6 | ≤ 2.4.3 | ≤ 2.5.0