// For flags

CVE-2018-8780

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.

En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, los métodos Dir.open, Dir.new, Dir.entries y Dir.empty? no comprueban los caracteres NULL. Al emplear el método correspondiente, podría realizarse un salto de directorio no intencionado.

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-03-19 CVE Reserved
  • 2018-03-30 CVE Published
  • 2024-07-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (22)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
< 2.2.10
Search vendor "Ruby-lang" for product "Ruby" and version " < 2.2.10"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
>= 2.3.0 < 2.3.7
Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.3.0 < 2.3.7"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
>= 2.4.0 < 2.4.4
Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.4.0 < 2.4.4"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
>= 2.5.0 < 2.5.1
Search vendor "Ruby-lang" for product "Ruby" and version " >= 2.5.0 < 2.5.1"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
Ruby
Search vendor "Ruby-lang" for product "Ruby"
2.6.0
Search vendor "Ruby-lang" for product "Ruby" and version "2.6.0"
preview1
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
17.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected