PublicDateAtUSN: 2018-04-03
Candidate: CVE-2018-8777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777
https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
https://usn.ubuntu.com/usn/usn-3685-1

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before
2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a
crafted header to WEBrick server or a crafted body to WEBrick
server/handler and cause a denial of service (memory consumption).

upstream_ruby1.9.1: needs-triage
precise/esm_ruby1.9.1: DNE
trusty_ruby1.9.1: released (1.9.3.484-2ubuntu1.12)

upstream_ruby2.0: needs-triage
precise/esm_ruby2.0: DNE
trusty_ruby2.0: released (2.0.0.484-1ubuntu2.10)

upstream_ruby2.3: needs-triage
precise/esm_ruby2.3: DNE
xenial_ruby2.3: released (2.3.1-2~16.04.10)
artful_ruby2.3: released (2.3.3-1ubuntu1.6)

upstream_ruby2.5: needs-triage
precise/esm_ruby2.5: DNE
bionic_ruby2.5: released (2.5.1-1)
devel_ruby2.5: released (2.5.1-1)