CVE-2018-1000075: Loop with Unreachable Exit Condition (Infinite Loop)

March 13, 2018 (updated October 3, 2019)

RubyGems contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.

References

blog.rubygems.org/2018/02/15/2.7.6-released.html
nvd.nist.gov/vuln/detail/CVE-2018-1000075

Code Behaviors & Features

Detect and mitigate CVE-2018-1000075 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →