CVE-2018-8780

CVE-2018-8780

Name

CVE-2018-8780

Description

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/
Patch	https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/
Patch	https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/
Patch	https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/
Vendor Advisory	https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
Third Party Advisory	http://www.securityfocus.com/bid/103739
Third Party Advisory	https://usn.ubuntu.com/3626-1/
Mailing List	https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html
Mailing List	https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html
Mailing List	https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html
Third Party Advisory	https://www.debian.org/security/2018/dsa-4259
Third Party Advisory	http://www.securitytracker.com/id/1042004
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3731
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3730
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3729
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
REDHAT	https://access.redhat.com/errata/RHSA-2019:2028
REDHAT	https://access.redhat.com/errata/RHSA-2020:0542
REDHAT	https://access.redhat.com/errata/RHSA-2020:0591
REDHAT	https://access.redhat.com/errata/RHSA-2020:0663

Type

URI

Patch

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/

Patch

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/

Patch

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/

Patch

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/

Vendor Advisory

https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/

Third Party Advisory

http://www.securityfocus.com/bid/103739

Third Party Advisory

https://usn.ubuntu.com/3626-1/

Mailing List

https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html

Mailing List

https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html

Mailing List

https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html

Third Party Advisory

https://www.debian.org/security/2018/dsa-4259

Third Party Advisory

http://www.securitytracker.com/id/1042004

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3731

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3730

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3729

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html

REDHAT

https://access.redhat.com/errata/RHSA-2019:2028

REDHAT

https://access.redhat.com/errata/RHSA-2020:0542

REDHAT

https://access.redhat.com/errata/RHSA-2020:0591

REDHAT

https://access.redhat.com/errata/RHSA-2020:0663

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:ruby-lang:ruby::::::::`	ruby	>= 2.5.0	< 2.5.1
`cpe:2.3:a:ruby-lang:ruby::::::::`	ruby	>= None	< 2.2.10
`cpe:2.3:a:ruby-lang:ruby::::::::`	ruby	>= 2.3.0	< 2.3.7
`cpe:2.3:a:ruby-lang:ruby::::::::`	ruby	>= 2.4.0	< 2.4.4
`cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1::::::`	ruby	== None	== 2.6.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

ruby

>= 2.5.0

< 2.5.1

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

ruby

>= None

< 2.2.10

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

ruby

>= 2.3.0

< 2.3.7

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

ruby

>= 2.4.0

< 2.4.4

cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*

ruby

== None

== 2.6.0

References

Match rules

Vulnerable and fixed packages