CVE-2018-3759
N/A
N/A
Summary
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | private_address_check ruby gem | 0.5.0 | affected |
Weaknesses
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.