CVE-2014-10077
Description
Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The i18n gem for Ruby before 0.8.0 has a denial-of-service vulnerability in Hash#slice when a key in keep_keys is missing from the hash.
Vulnerability
The Hash#slice method in lib/i18n/core_ext/hash.rb of the i18n gem (versions before 0.8.0) for Ruby crashes the application when called with a keep_keys array containing a key that does not exist in the original hash. This is due to the method not checking for key existence before attempting to access it. Affected versions: all prior to 0.8.0. [1][3]
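The failure mode described above, shown as an added Ruby example (not the i18n gem's source). The module and method names are hypothetical, and `Hash#fetch` is an assumed stand-in for the unchecked key access; the version check uses the affected range stated on this page.

```ruby
require "rubygems"

# Added illustration; not the i18n gem's source. All names here are hypothetical.
module SliceDemo
  module_function

  # Unguarded form: copies every requested key without checking that it exists.
  # Hash#fetch raises KeyError for a missing key (assumed stand-in for the
  # unchecked access the advisory describes).
  def unguarded_slice(hash, *keep_keys)
    result = {}
    keep_keys.each { |key| result[key] = hash.fetch(key) }
    result
  end

  # Guarded form: keys absent from the hash are skipped instead of raising.
  def guarded_slice(hash, *keep_keys)
    result = {}
    keep_keys.each { |key| result[key] = hash.fetch(key) if hash.key?(key) }
    result
  end

  # True when a version string falls in the affected range (< 0.8.0).
  # Gem::Version compares segments numerically, so "0.10.0" is not affected.
  def affected_version?(version)
    Gem::Version.new(version) < Gem::Version.new("0.8.0")
  end

  # Runs a block and reports how it ended, as the caller of a handler would see it.
  def outcome
    [:ok, yield]
  rescue KeyError => e
    [:crash, e.class.name]
  end
end

# Constructed sample input: an options hash that lacks :some_key.
options = { locale: :en, scope: :errors }

p SliceDemo.outcome { SliceDemo.unguarded_slice(options, :locale, :some_key) }
p SliceDemo.outcome { SliceDemo.guarded_slice(options, :locale, :some_key) }
p SliceDemo.affected_version?("0.7.0")
```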
Exploitation
An attacker can trigger this vulnerability by providing input that causes the application to call Hash#slice with a keep_keys parameter that includes a key not present in the hash. No authentication or special privileges are required if the application exposes this functionality to user input. The attack does not require user interaction beyond normal usage. [1][3]
Impact
Successful exploitation results in a denial of service (application crash). The vulnerability does not lead to information disclosure, privilege escalation, or remote code execution. The impact is limited to availability. [1][4]
Mitigation
The fix was released in i18n version 0.8.0 on January 10, 2015. Users should upgrade to 0.8.0 or later. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. [3][4]
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| i18n (RubyGems) | < 0.8.0 | 0.8.0 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (8)
- github.com/advisories/GHSA-34hf-g744-jw64 (ghsa, advisory)
- nvd.nist.gov/vuln/detail/CVE-2014-10077 (ghsa, advisory)
- github.com/ruby-i18n/i18n/pull/250/commits/08293a41b34e93824563ca0f5b9b97e7451b6387 (ghsa, web)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2014-10077.yml (ghsa, web)
- github.com/rubysec/ruby-advisory-db/pull/182/files (ghsa, x_refsource_MISC, web)
- github.com/svenfuchs/i18n/pull/289 (ghsa, x_refsource_MISC, web)
- github.com/svenfuchs/i18n/releases/tag/v0.8.0 (ghsa, x_refsource_MISC, web)
- lists.debian.org/debian-lts-announce/2018/11/msg00021.html (ghsa, mailing-list, x_refsource_MLIST, web)