PT-2018-3007 · Ruby · I18N Gem

Lmarlow · Published 2018-11-06 · Updated 2022-05-14 · CVE-2014-10077

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: i18n gem versions prior to 0.8.0

Description: The issue is related to a buffer overflow in the Ruby programming language interpreter. It can be exploited by a remote attacker to cause a denial of service. Specifically, the Hash#slice method in the lib/i18n/core_ext/hash.rb file of the i18n gem is vulnerable. The crash is triggered when the :some key is present in keep_keys but not in the hash, leading to an application crash.

Recommendations: For versions prior to 0.8.0, update the i18n gem to version 0.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Hash#slice method in situations where the :some key may not be present in the hash, to minimize the risk of exploitation.
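The failure mode described above, reconstructed as an added example (this is not the i18n gem's own code): a slice helper written with Hash#fetch raises KeyError for any requested key the hash lacks, while the hardened form copies only keys that are present. The sample hash and the method names slice_unsafe, slice_safe and slice_outcome are constructed for this illustration.

```ruby
# Added example, not code from the i18n gem. Shows why a Hash#slice built on
# Hash#fetch crashes when a key in keep_keys is missing from the hash, and
# the guarded form that returns a smaller hash instead of raising.

# Vulnerable pattern: Hash#fetch raises KeyError on a missing key, so an
# unguarded caller (e.g. a request handler) crashes.
def slice_unsafe(hash, *keep_keys)
  keep_keys.each_with_object({}) { |key, h| h[key] = hash.fetch(key) }
end

# Hardened pattern: copy a key only when the hash actually has it.
def slice_safe(hash, *keep_keys)
  keep_keys.each_with_object({}) do |key, h|
    h[key] = hash[key] if hash.key?(key)
  end
end

# Runs one of the two helpers and reports whether it raised, so the two
# behaviours can be compared on the same input.
def slice_outcome(hash, keep_keys, method)
  { result: send(method, hash, *keep_keys), error: nil }
rescue KeyError => e
  { result: nil, error: e.class.name }
end

# Constructed sample input: an options hash that has :scope but lacks :some.
SAMPLE = { scope: :app, default: 'n/a' }.freeze

if $PROGRAM_NAME == __FILE__
  p slice_outcome(SAMPLE, [:scope, :some], :slice_unsafe)
  # => {:result=>nil, :error=>"KeyError"}
  p slice_outcome(SAMPLE, [:scope, :some], :slice_safe)
  # => {:result=>{:scope=>:app}, :error=>nil}
end
```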

Exploit

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2019-03336
CVE-2014-10077
DLA-1584-1
GHSA-34HF-G744-JW64
MGASA-2018-0491

Affected Products

I18N Gem