CVE-2018-8777
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-8777
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ruby WEBrick 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。WEBrick是其中的一个HTTP服务器组件。 Ruby中的WEBrick组件存在资源管理错误漏洞。远程攻击者可通过发送带有特制包头或主体的较大请求利用该漏洞造成拒绝服务(内存资源耗尽)。以下版本受到影响:Ruby 2.2.10之前的版本,2.3.7之前的2.3.x版本,2.4.4之前的2.4.x版本,2.5.1之前的2.5.x版本,2.6.0-preview1版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2018-8777
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-8777
请登录查看更多情报信息。
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/x_refsource_CONFIRM
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/x_refsource_CONFIRM
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/x_refsource_CONFIRM
- https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/x_refsource_CONFIRM
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.htmlvendor-advisoryx_refsource_SUSE
- https://nvd.nist.gov/vuln/detail/CVE-2018-8777
Same Patch Batch · n/a · 2018-04-03 · 134 CVEs total
| CVE-2018-4129 | 多款Apple产品WebKit 安全漏洞 | |
| CVE-2018-4148 | Apple iOS Telephony 缓冲区错误漏洞 | |
| CVE-2018-4146 | 多款Apple产品WebKit 安全漏洞 | |
| CVE-2018-4144 | 多款Apple产品Security 缓冲区错误漏洞 | |
| CVE-2018-4143 | 多款Apple产品Kernel 安全漏洞 | |
| CVE-2018-4142 | 多款Apple产品CoreText 安全漏洞 | |
| CVE-2018-4140 | Apple iOS Telephony 安全漏洞 | |
| CVE-2018-4139 | Apple macOS High Sierra kext tools 安全漏洞 | |
| CVE-2018-4138 | Apple macOS High Sierra NVIDIA Graphics Drivers 安全漏洞 | |
| CVE-2018-4137 | Apple Safar和iOS Safari Login AutoFill 安全漏洞 | |
| CVE-2018-4136 | Apple macOS High Sierra Kernel 安全漏洞 | |
| CVE-2018-4135 | Apple macOS High Sierra IOFireWireFamily 安全漏洞 | |
| CVE-2018-4134 | Apple iOS Safari 安全漏洞 | |
| CVE-2018-4133 | Apple Safari WebKit 跨站脚本漏洞 | |
| CVE-2018-4132 | Apple macOS High Sierra Intel Graphics Driver 安全漏洞 | |
| CVE-2018-4131 | Apple iOS和macOS High Sierra WindowServer 安全漏洞 | |
| CVE-2018-4130 | 多款Apple产品WebKit 安全漏洞 | |
| CVE-2018-4118 | 多款Apple产品WebKit 安全漏洞 | |
| CVE-2018-4116 | Apple Safari 安全漏洞 | |
| CVE-2018-4117 | 多款Apple产品WebKit 安全漏洞 |
Showing top 20 of 134 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2018-8777
No comments yet