Vulnerability Description
Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| I18N Project | I18N | < 0.8.0 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://github.com/rubysec/ruby-advisory-db/pull/182/files (Patch, Third Party Advisory)
- https://github.com/svenfuchs/i18n/pull/289 (Patch, Third Party Advisory)
- https://github.com/svenfuchs/i18n/releases/tag/v0.8.0 (Release Notes, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html (Third Party Advisory)
FAQ
What is CVE-2014-10077?
CVE-2014-10077 is a vulnerability with a CVSS score of 7.5 (HIGH). Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is pres...
How severe is CVE-2014-10077?
CVE-2014-10077 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-10077?
Check the references section above for vendor advisories and patch information. Affected products include: I18N Project I18N, Debian Debian Linux.