Vulnerability Details : CVE-2014-10077
Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2014-10077
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-10077
- 1.38%: Probability of exploitation activity in the next 30 days
- ~ 79 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-10077
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2014-10077
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-10077
- https://github.com/svenfuchs/i18n/pull/289
  Teach Hash#slice to only include keys that exist in original by lmarlow · Pull Request #289 · ruby-i18n/i18n · GitHub (Patch; Third Party Advisory)
- https://github.com/svenfuchs/i18n/releases/tag/v0.8.0
  Release v0.8.0 · ruby-i18n/i18n · GitHub (Release Notes; Third Party Advisory)
- https://github.com/rubysec/ruby-advisory-db/pull/182/files
  Adding OSVDB-121500 for i18n by reedloden · Pull Request #182 · rubysec/ruby-advisory-db · GitHub (Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html
  [SECURITY] [DLA 1584-1] ruby-i18n security update (Third Party Advisory)