{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-22T10:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rubysec/ruby-advisory-db/pull/182/files"}, {"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1584-1] ruby-i18n security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/svenfuchs/i18n/pull/289"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-10077", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0", "refsource": "MISC", "url": "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0"}, {"name": "https://github.com/rubysec/ruby-advisory-db/pull/182/files", "refsource": "MISC", "url": "https://github.com/rubysec/ruby-advisory-db/pull/182/files"}, {"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1584-1] ruby-i18n security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html"}, {"name": "https://github.com/svenfuchs/i18n/pull/289", "refsource": "MISC", "url": "https://github.com/svenfuchs/i18n/pull/289"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:02:38.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rubysec/ruby-advisory-db/pull/182/files"}, {"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1584-1] ruby-i18n security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/svenfuchs/i18n/pull/289"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-10077", "datePublished": "2018-11-06T16:00:00.000Z", "dateReserved": "2018-11-06T00:00:00.000Z", "dateUpdated": "2024-08-06T14:02:38.314Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "B45FB474-EB9A-493C-9614-9EA2B9E029BD", "versionEndExcluding": "0.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash."}, {"lang": "es", "value": "Hash#slice en lib/i18n/core_ext/hash.rb en la gema i18n en versiones anteriores a la 0.8.0 para Ruby permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) mediante una llamada en una situaci\u00f3n en la que :some_key est\u00e1 presente en keep_keys, pero no en el hash."}], "id": "CVE-2014-10077", "lastModified": "2024-11-21T02:03:28.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-06T15:29:00.230", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rubysec/ruby-advisory-db/pull/182/files"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/svenfuchs/i18n/pull/289"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rubysec/ruby-advisory-db/pull/182/files"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/svenfuchs/i18n/pull/289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/svenfuchs/i18n/releases/tag/v0.8.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00021.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rubygem-i18n: denial of service in Hash#slice in lib/i18n/core_ext/hash.rb", "id": "1647431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1647431"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-400", "details": ["Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash."], "name": "CVE-2014-10077", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Not affected", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.2", "fix_state": "Will not fix", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.2"}, {"cpe": "cpe:/a:redhat:openshift:3.3", "fix_state": "Will not fix", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.3"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Will not fix", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Will not fix", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Not affected", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Not affected", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Not affected", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.1", "fix_state": "Will not fix", "package_name": "rubygem-i18n", "product_name": "Red Hat OpenShift Enterprise 3.1"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "tfm-rubygem-i18n", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-ror42-rubygem-i18n", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-ror50-rubygem-i18n", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rubygem-i18n", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-i18n", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "rubygem-i18n", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2015-07-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-10077\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-10077"], "statement": "Red Hat Satellite 6.2 is now in Maintenance support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite Product Life Cycle: https://access.redhat.com/support/policy/updates/satellite\nRed Hat Satellite 6.3 and 6.4 don't include vulnerable package tfm-rubygem-i18n, hence are not affected by this flaw.\nSubscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates.", "threat_severity": "Low"}

{}