CVE-2018-3759

Name of the Vulnerable Software and Affected Versions private address check ruby gem versions prior to 0.5.0

Description The issue is related to a time-of-check time-of-use (TOCTOU) race condition. This occurs because the address the socket uses is not checked. Specifically, DNS entries with a TTL of 0 can trigger a scenario where the initial resolution is a public address, but the subsequent resolution is a private address.

Recommendations For versions prior to 0.5.0, update to version 0.5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of DNS entries with a TTL of 0 to minimize the risk of exploitation.