{ "threat_severity" : "Low", "public_date" : "2015-07-20T00:00:00Z", "bugzilla" : { "description" : "rubygem-i18n: denial of service in Hash#slice in lib/i18n/core_ext/hash.rb", "id" : "1647431", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1647431" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status" : "draft" }, "cwe" : "CWE-400", "details" : [ "Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash." ], "statement" : "Red Hat Satellite 6.2 is now in Maintenance support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite Product Life Cycle: https://access.redhat.com/support/policy/updates/satellite\nRed Hat Satellite 6.3 and 6.4 don't include vulnerable package tfm-rubygem-i18n, hence are not affected by this flaw.\nSubscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates.", "package_state" : [ { "product_name" : "Red Hat OpenShift Container Platform 3.10", "fix_state" : "Not affected", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.10" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Not affected", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 3.2", "fix_state" : "Will not fix", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.2" }, { "product_name" : "Red Hat OpenShift Container Platform 3.3", "fix_state" : "Will not fix", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.3" }, { "product_name" : "Red Hat OpenShift Container Platform 3.4", "fix_state" : "Will not fix", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.4" }, { "product_name" : "Red Hat OpenShift Container Platform 3.5", "fix_state" : "Will not fix", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.5" }, { "product_name" : "Red Hat OpenShift Container Platform 3.6", "fix_state" : "Not affected", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.6" }, { "product_name" : "Red Hat OpenShift Container Platform 3.7", "fix_state" : "Not affected", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.9", "fix_state" : "Not affected", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.9" }, { "product_name" : "Red Hat OpenShift Enterprise 3.1", "fix_state" : "Will not fix", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:openshift:3.1" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Will not fix", "package_name" : "tfm-rubygem-i18n", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-ror42-rubygem-i18n", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-ror50-rubygem-i18n", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Affected", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Subscription Asset Manager", "fix_state" : "Will not fix", "package_name" : "ruby193-rubygem-i18n", "cpe" : "cpe:/a:rhel_sam:1" }, { "product_name" : "Red Hat Subscription Asset Manager", "fix_state" : "Will not fix", "package_name" : "rubygem-i18n", "cpe" : "cpe:/a:rhel_sam:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-10077\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-10077" ], "name" : "CVE-2014-10077", "csaw" : false }