Candidate: CVE-2014-10077
PublicDate: 2018-11-06 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10077
 https://github.com/rubysec/ruby-advisory-db/pull/182/files
 https://github.com/svenfuchs/i18n/pull/289
 https://github.com/svenfuchs/i18n/releases/tag/v0.8.0
Description:
 Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for
 Ruby allows remote attackers to cause a denial of service (application
 crash) via a call in a situation where :some_key is present in keep_keys
 but not present in the hash.
Ubuntu-Description:
 It was discovered that Ruby I18n did not properly handle certain input. An
 attacker could use this vulnerability to cause a denial of service (crash).
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_ruby-i18n:
upstream_ruby-i18n: needs-triage
precise/esm_ruby-i18n: DNE
trusty_ruby-i18n: ignored (reached end-of-life)
trusty/esm_ruby-i18n: DNE (trusty was needs-triage)
xenial_ruby-i18n: ignored (end of standard support, was needed)
bionic_ruby-i18n: needed
cosmic_ruby-i18n: ignored (reached end-of-life)
disco_ruby-i18n: not-affected (0.7.0-3)
eoan_ruby-i18n: not-affected (0.7.0-3)
focal_ruby-i18n: not-affected (0.7.0-3)
groovy_ruby-i18n: not-affected (0.7.0-3)
hirsute_ruby-i18n: not-affected (0.7.0-3)
impish_ruby-i18n: not-affected (0.7.0-3)
jammy_ruby-i18n: not-affected (0.7.0-3)
devel_ruby-i18n: not-affected (0.7.0-3)