CVE-2018-1000075
- Source
- https://cve.org/CVERecord?id=CVE-2018-1000075
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000075.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-1000075
- Aliases
- Downstream
- Related
- Published
- 2018-03-13T15:29:00.550Z
- Modified
- 2026-03-14T14:27:28.704060Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.
- References
-
- https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
- https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html
- https://usn.ubuntu.com/3621-1/
- https://access.redhat.com/errata/RHSA-2018:3729
- https://access.redhat.com/errata/RHSA-2018:3731
- https://access.redhat.com/errata/RHSA-2019:2028
- https://access.redhat.com/errata/RHSA-2020:0591
- https://access.redhat.com/errata/RHSA-2020:0663
- https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html
- https://access.redhat.com/errata/RHSA-2020:0542
- https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html
- https://www.debian.org/security/2018/dsa-4259
- http://blog.rubygems.org/2018/02/15/2.7.6-released.html
- https://www.debian.org/security/2018/dsa-4219
- https://access.redhat.com/errata/RHSA-2018:3730
- https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
Affected packages
Git / github.com/ruby/rubygems
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ruby/rubygems
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/rubygems/rubygems
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.2.9" }, { "introduced": "0" }, { "last_affected": "2.3.6" }, { "introduced": "0" }, { "last_affected": "2.4.3" }, { "introduced": "0" }, { "last_affected": "2.5.0" } ] }
Affected versions
bundler-v2.*
bundler-v2.2.0
bundler-v2.2.0.rc.1
bundler-v2.2.0.rc.2
bundler-v2.2.1
bundler-v2.2.2
bundler-v2.2.3
bundler-v2.2.4
bundler-v2.2.5
bundler-v2.2.6
bundler-v2.2.7
bundler-v2.2.8
bundler-v2.2.9
bundler-v2.3.0
bundler-v2.3.1
bundler-v2.3.2
bundler-v2.3.3
bundler-v2.3.4
bundler-v2.3.5
bundler-v2.3.6
v1.*
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.8.2
v2.*
v2.0.0
v2.0.0.preview2
v2.0.0.preview2.1
v2.0.0.preview2.2
v2.0.0.rc.1
v2.0.0.rc.2
v2.0.1
v2.0.2
v2.0.3
v2.1.0
v2.1.0.rc.1
v2.1.0.rc.2
v2.1.1
v2.1.2
v2.1.3
v2.2.0.preview.1
v2.2.0.rc.1
v2.2.1
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.5.0
v2.5.1
v2.5.2
v2.6.0
v2.6.1
v2.6.10
v2.6.11
v2.6.12
v2.6.13
v2.6.14
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.7.0
v2.7.1
v2.7.10
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v3.*
v3.0.0
v3.0.0.beta1
v3.0.0.beta3
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.1.0.pre1
v3.2.0
v3.2.0.rc.1
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6