CVE-2018-1000075

Loop with Unreachable Exit Condition ('Infinite Loop') in maven/org.jruby/jruby-stdlib

Identifiers

GHSA-74pv-v9gh-h25p, CVE-2018-1000075

Package Slug

maven/org.jruby/jruby-stdlib

Vulnerability

Loop with Unreachable Exit Condition ('Infinite Loop')

Description

RubyGems versions in the Ruby 2.2 series (2.2.9 and earlier), the Ruby 2.3 series (2.3.6 and earlier), the Ruby 2.4 series (2.4.3 and earlier), and the Ruby 2.5 series (2.5.0 and earlier), prior to trunk revision 62422, contain an infinite loop vulnerability in the Ruby gem package tar header handling: a negative size in the header could cause an infinite loop. This vulnerability appears to have been fixed in 2.7.6.
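The failure mode described above, shown on a simplified tar walker with a lenient and a strict size parser. This is an added example, not RubyGems or JRuby source; every helper name and both sample archives are constructed for illustration.

```ruby
# Added illustration, not RubyGems source; names and sample data are constructed.
BLOCK = 512             # tar archives are sequences of 512-byte blocks
SIZE_FIELD = 124...136  # 12-byte ASCII octal size field of a tar header

# Constructed header block with only the name and size fields filled in.
def build_header(name, size_field)
  block = ("\0" * BLOCK).b
  block[0, name.bytesize] = name.b
  block[SIZE_FIELD] = size_field.b.ljust(12, "\0")
  block
end

# Lenient parse: String#oct accepts a leading "-", so a size can come out negative.
def lenient_size(header)
  header[SIZE_FIELD].delete("\0").oct
end

# Strict parse: only octal digits are accepted; anything else rejects the archive.
def strict_size(header)
  field = header[SIZE_FIELD].delete("\0 ")
  raise ArgumentError, "invalid tar size field #{field.inspect}" unless field.match?(/\A[0-7]+\z/)
  field.oct
end

# Next header offset: this header block plus the data rounded up to whole blocks.
def next_header_offset(offset, size)
  offset + BLOCK + ((size + BLOCK - 1) / BLOCK) * BLOCK
end

# Return the header offset of each entry; raise if the cursor fails to advance,
# which is the condition that would otherwise repeat forever.
def header_offsets(archive, size_parser)
  offsets = []
  offset = 0
  while offset + BLOCK <= archive.bytesize
    header = archive[offset, BLOCK]
    break if header.count("\0") == BLOCK # all-zero block marks end of archive
    offsets << offset
    following = next_header_offset(offset, size_parser.call(header))
    raise "reader did not advance past offset #{offset}" unless following > offset
    offset = following
  end
  offsets
end

GOOD = (build_header("a.txt", "00000000005") + "hello".ljust(BLOCK, "\0") +
        build_header("b.txt", "00000000000") + "\0" * (2 * BLOCK)).b
BAD = (build_header("a.txt", "-1000") + "\0" * (2 * BLOCK)).b  # -1000 octal = -512
```

With the strict parser the constructed `BAD` archive is rejected at the header; with the lenient one the walker's own progress check is the only thing that stops it.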

Affected Versions

All versions before 9.1.16.0

Solution

Upgrade to version 9.1.16.0 or above.

Last Modified

2023-03-10
