Vulnerability identifier: #VU11649
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in ruby gem package tar header due to infinite loop. A remote attacker can cause the service to crash.
Update to version 2.7.6.
Vulnerable software versions
Ruby: 2.2.0 - 2.5.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?