Lucene search
AmazonALAS-2013-248HistoryNov 22, 2013 - 9:42 p.m.
Critical: ruby
2013-11-2221:42:00
alas.aws.amazon.com
15
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.045 Low
EPSS
Percentile
92.4%
Issue Overview:
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
Affected Packages:
ruby
Issue Correction:
Run yum update ruby to update your system.
New Packages:
i686:
ruby-debuginfo-1.8.7.374-2.11.amzn1.i686
ruby-devel-1.8.7.374-2.11.amzn1.i686
ruby-1.8.7.374-2.11.amzn1.i686
ruby-libs-1.8.7.374-2.11.amzn1.i686
ruby-static-1.8.7.374-2.11.amzn1.i686
ruby-ri-1.8.7.374-2.11.amzn1.i686
noarch:
ruby-rdoc-1.8.7.374-2.11.amzn1.noarch
ruby-irb-1.8.7.374-2.11.amzn1.noarch
src:
ruby-1.8.7.374-2.11.amzn1.src
x86_64:
ruby-debuginfo-1.8.7.374-2.11.amzn1.x86_64
ruby-devel-1.8.7.374-2.11.amzn1.x86_64
ruby-libs-1.8.7.374-2.11.amzn1.x86_64
ruby-ri-1.8.7.374-2.11.amzn1.x86_64
ruby-static-1.8.7.374-2.11.amzn1.x86_64
ruby-1.8.7.374-2.11.amzn1.x86_64
Additional References
Red Hat: CVE-2013-4164
Mitre: CVE-2013-4164
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | ruby-debuginfo | < 1.8.7.374-2.11.amzn1 | ruby-debuginfo-1.8.7.374-2.11.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-devel | < 1.8.7.374-2.11.amzn1 | ruby-devel-1.8.7.374-2.11.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby | < 1.8.7.374-2.11.amzn1 | ruby-1.8.7.374-2.11.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-libs | < 1.8.7.374-2.11.amzn1 | ruby-libs-1.8.7.374-2.11.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-static | < 1.8.7.374-2.11.amzn1 | ruby-static-1.8.7.374-2.11.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | ruby-ri | < 1.8.7.374-2.11.amzn1 | ruby-ri-1.8.7.374-2.11.amzn1.i686.rpm |
| Amazon Linux | 1 | noarch | ruby-rdoc | < 1.8.7.374-2.11.amzn1 | ruby-rdoc-1.8.7.374-2.11.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | ruby-irb | < 1.8.7.374-2.11.amzn1 | ruby-irb-1.8.7.374-2.11.amzn1.noarch.rpm |
| Amazon Linux | 1 | x86_64 | ruby-debuginfo | < 1.8.7.374-2.11.amzn1 | ruby-debuginfo-1.8.7.374-2.11.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | ruby-devel | < 1.8.7.374-2.11.amzn1 | ruby-devel-1.8.7.374-2.11.amzn1.x86_64.rpm |
Related
nessus
nessus
openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)
2014-06-13 00:00:00
Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20131125)
2013-12-04 00:00:00
CentOS 6 : ruby (CESA-2013:1764)
2014-11-12 00:00:00
oraclelinux
oraclelinux
ruby security update
2013-11-26 00:00:00
mageia
mageia
Updated ruby package fixes security vulnerability
2014-01-06 05:02:29
openvas
openvas
RedHat Update for ruby RHSA-2013:1764-01
2013-11-26 00:00:00
Debian: Security Advisory (DSA-2810-1)
2013-12-03 00:00:00
Oracle: Security Advisory (ELSA-2013-1764)
2015-10-06 00:00:00
redhat
redhat
(RHSA-2013:1763) Critical: ruby193-ruby security update
2013-11-25 00:00:00
(RHSA-2013:1767) Critical: ruby security update
2013-11-26 00:00:00
(RHSA-2014:0011) Critical: ruby193-ruby security update
2014-01-07 00:00:00
cve
cve
CVE-2013-4164
2013-11-23 19:55:00
freebsd
freebsd
ruby -- Heap Overflow in Floating Point Parsing
2013-11-22 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: ruby-2.0.0.353-16.fc20
2013-12-14 02:48:01
[SECURITY] Fedora 19 Update: ruby-2.0.0.353-16.fc19
2013-12-04 07:01:16
[SECURITY] Fedora 18 Update: ruby-1.9.3.484-32.fc18
2013-12-11 02:01:24
debian
debian
[SECURITY] [DSA 2810-1] ruby1.9.1 security update
2013-12-04 22:29:52
[SECURITY] [DSA 2810-1] ruby1.9.1 security update
2013-12-04 22:29:52
[SECURITY] [DSA 2809-1] ruby1.8 security update
2013-12-04 21:28:11
f5
f5
K15152 : Ruby vulnerability CVE-2013-4164
2014-04-10 00:00:00
SOL15152 - Ruby vulnerability CVE-2013-4164
2014-04-10 00:00:00
prion
prion
Heap overflow
2013-11-23 19:55:00
amazon
amazon
Critical: ruby19
2013-11-22 21:42:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:52:12
Arbitrary Code Execution
2019-05-02 05:01:21
securityvulns
securityvulns
APPLE-SA-2014-15-20-1 OS X Server 3.1.2
2014-05-29 00:00:00
Ruby security vulnerabilities
2014-05-29 00:00:00
[USN-2035-1] Ruby vulnerabilities
2013-12-01 00:00:00
suse
suse
Security update for ruby19 (critical)
2013-12-17 00:04:23
Security update for ruby (critical)
2013-12-05 18:04:15
centos
centos
ruby security update
2013-11-26 13:37:12
slackware
slackware
[slackware-security] ruby
2013-12-17 03:50:10
ubuntucve
ubuntucve
CVE-2013-4164
2013-11-22 00:00:00
rubygems
rubygems
CVE-2013-4164 ruby: heap overflow in floating point parsing
2013-11-22 00:00:00
hackerone
hackerone
Ruby: Ruby: Heap Overflow in Floating Point Parsing
2013-11-22 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2013-11-27 00:00:00
ibm
ibm
osv
osv
ruby1.8 - several
2013-12-04 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.045 Low
EPSS
Percentile
92.4%
Related for ALAS-2013-248