Description

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.

Remediation

References

CVE-2018-1000075

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3383)

WordPress Plugin Chamber Dashboard Member Manager Cross-Site Scripting (2.0.5)

WordPress Plugin Leaflet Maps Marker Pro (Google Maps, OpenStreetMap, Bing Maps) Multiple Cross-Site Scripting Vulnerabilities (2.3)

WordPress Plugin Fitness Trainer-Training Membership Cross-Site Scripting (1.0.8)

Apache HTTP Server CVE-2013-5704 Vulnerability (CVE-2013-5704)

Severity

High

Classification

CVE-2018-1000075 CWE-835 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities