{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-07T03:57:51.002","vulnerabilities":[{"cve":{"id":"CVE-2018-1000075","sourceIdentifier":"cve@mitre.org","published":"2018-03-13T15:29:00.550","lastModified":"2024-11-21T03:39:34.930","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6."},{"lang":"es","value":"Las versiones de RubyGems de la serie Ruby 2.2: 2.2.9 y anteriores, de la serie Ruby 2.3: 2.3.6 y anteriores, de la serie Ruby 2.4: 2.4.3 y anteriores, y de la serie Ruby 2.5: versiones 2.5.0 y anteriores, anteriores a la revisión del trunk 62422 contiene un bucle infinito provocado por una vulnerabilidad de tamaño negativo en la cabecera tar del paquete de ruby gem que puede resultar en un tamaño negativo que desemboque en un bucle infinito. La vulnerabilidad parece haber sido solucionada en la versión 2.7.6."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.9","matchCriteriaId":"BEE89FF0-0079-4DF5-ACFC-E1B5415E54F4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.6","matchCriteriaId":"8080FB82-5445-4A17-9ECB-806991906E80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.3","matchCriteriaId":"CCBC38C5-781E-4998-877D-42265F1DBD05"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5.0","matchCriteriaId":"6ACE6376-2E27-4F56-9315-03367963DB09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"}]}]}],"references":[{"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2018:3729","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2018:3730","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2018:3731","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2019:2028","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2020:0542","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2020:0591","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2020:0663","source":"cve@mitre.org"},{"url":"https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3621-1/","source":"cve@mitre.org"},{"url":"https://www.debian.org/security/2018/dsa-4219","source":"cve@mitre.org"},{"url":"https://www.debian.org/security/2018/dsa-4259","source":"cve@mitre.org"},{"url":"http://blog.rubygems.org/2018/02/15/2.7.6-released.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:3729","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:3730","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:3731","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:2028","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2020:0542","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2020:0591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2020:0663","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3621-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2018/dsa-4219","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2018/dsa-4259","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}