Main Vulnerability Database SB2018110634

SB2018110634 - Input validation error in Debian Linux

Published: November 6, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018110634

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2014-10077)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Remediation

Install update from vendor's website.

References

https://github.com/rubysec/ruby-advisory-db/pull/182/files
https://github.com/svenfuchs/i18n/pull/289
https://github.com/svenfuchs/i18n/releases/tag/v0.8.0
https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html