CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.004 Low
Percentile: 72.8%
Package : ruby1.9.1
Version : 1.9.2.0-2+deb6u4
CVE ID : CVE-2011-0188 CVE-2011-2705 CVE-2012-4522 CVE-2013-0256
CVE-2013-2065 CVE-2015-1855
CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in
Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7
and other platforms, does not properly allocate memory, which allows
context-dependent attackers to execute arbitrary code or cause a
denial of service (application crash) via vectors involving creation
of a large BigDecimal value within a 64-bit process, related to an
"integer truncation issue."
CVE-2011-2705
use upstream SVN r32050 to modify PRNG state to prevent random number
sequence repetition in a forked child process that has the same pid.
Reported by Eric Wong.
CVE-2012-4522
The rb_get_path_check function in file.c in Ruby 1.9.3 before
patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent
attackers to create files in unexpected locations or with unexpected
names via a NUL byte in a file path.
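As an added illustration (not part of the advisory text) of the bug class behind CVE-2012-4522, the Ruby snippet below models how a C-string file API sees a path only up to its first NUL byte, shows the explicit check a caller can apply before handing a path to File/IO calls, and confirms that a current Ruby interpreter rejects such a path with ArgumentError, which is the behaviour the fix introduced. The function names and the sample path are the example's own, not identifiers from the advisory.

```ruby
# Added example (not from the advisory): how an embedded NUL byte changes
# the path a C-level file API receives, and the check that rejects it.
#
# Before the fix for CVE-2012-4522, rb_get_path_check handed the Ruby string
# down as a C string, so everything after the first "\0" was silently
# dropped. A validator that inspected the whole Ruby string could approve a
# name the runtime then opened under a different, shorter name.

# Model of what a C string API receives: bytes up to the first NUL only.
def c_string_view(path)
  idx = path.index("\0")
  idx ? path[0...idx] : path
end

# Defensive check: refuse any path containing an embedded NUL byte before it
# reaches File/IO calls. Returns the path unchanged when it is clean.
def reject_nul_bytes(path)
  raise ArgumentError, "path contains NUL byte" if path.include?("\0")
  path
end

# Current Ruby performs this check itself inside File.open; this helper
# reports whether the interpreter rejected the path so the behaviour can be
# observed directly.
def ruby_rejects?(path)
  File.open(path) { |f| f }
  false
rescue ArgumentError
  true
rescue SystemCallError
  # ENOENT etc.: the path reached the OS, so it was not rejected as a NUL path
  false
end

if __FILE__ == $0
  crafted = "report.txt\0.rb" # constructed sample, not from the advisory
  puts "validator sees:        #{crafted.inspect}"
  puts "C string API would see: #{c_string_view(crafted).inspect}"
  puts "Ruby rejects crafted path: #{ruby_rejects?(crafted)}"
end
```

The model function makes the mismatch concrete: the string checked by application code and the string acted on by the underlying C call differ whenever a NUL is present, which is why the check has to run on the raw bytes, before any string is passed down.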
CVE-2013-0256
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before
4.0.0.preview2.1, as used in Ruby, does not properly generate
documents, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a crafted URL.
CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426,
and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for
native functions, which allows context-dependent attackers to bypass
intended $SAFE level restrictions.
CVE-2015-1855
The OpenSSL extension's hostname matching implementation violates RFC 6125.
OS | Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | ruby1.9.1-dev | < 1.9.2.0-2+deb6u4 | ruby1.9.1-dev_1.9.2.0-2+deb6u4_amd64.deb |
Debian | 6 | i386 | ruby1.9.1 | < 1.9.2.0-2+deb6u4 | ruby1.9.1_1.9.2.0-2+deb6u4_i386.deb |
Debian | 6 | i386 | libruby1.9.1 | < 1.9.2.0-2+deb6u4 | libruby1.9.1_1.9.2.0-2+deb6u4_i386.deb |
Debian | 6 | amd64 | libtcltk-ruby1.9.1 | < 1.9.2.0-2+deb6u4 | libtcltk-ruby1.9.1_1.9.2.0-2+deb6u4_amd64.deb |
Debian | 6 | all | ruby1.9.1-full | < 1.9.2.0-2+deb6u4 | ruby1.9.1-full_1.9.2.0-2+deb6u4_all.deb |
Debian | 6 | all | ruby1.9.1-examples | < 1.9.2.0-2+deb6u4 | ruby1.9.1-examples_1.9.2.0-2+deb6u4_all.deb |
Debian | 6 | amd64 | libruby1.9.1-dbg | < 1.9.2.0-2+deb6u4 | libruby1.9.1-dbg_1.9.2.0-2+deb6u4_amd64.deb |
Debian | 6 | i386 | ruby1.9.1-dev | < 1.9.2.0-2+deb6u4 | ruby1.9.1-dev_1.9.2.0-2+deb6u4_i386.deb |
Debian | 6 | all | ruby1.9.1 | < 1.9.2.0-2+deb6u4 | ruby1.9.1_1.9.2.0-2+deb6u4_all.deb |
Debian | 6 | all | ri1.9.1 | < 1.9.2.0-2+deb6u4 | ri1.9.1_1.9.2.0-2+deb6u4_all.deb |