Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-41946HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-41946
2024-08-0115:15:14
Debian Security Bug Tracker
security-tracker.debian.org
2
rexml
xml parsing
dos vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7
Confidence
Low
EPSS
0.001
Percentile
23.8%
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | ruby2.7 | <= 2.7.4-1+deb11u1 | ruby2.7_2.7.4-1+deb11u1_all.deb |
| Debian | 12 | all | ruby3.1 | <= 3.1.2-7+deb12u1 | ruby3.1_3.1.2-7+deb12u1_all.deb |
| Debian | 999 | all | ruby3.1 | <= 3.1.2-8.4 | ruby3.1_3.1.2-8.4_all.deb |
| Debian | 13 | all | ruby3.1 | <= 3.1.2-8.4 | ruby3.1_3.1.2-8.4_all.deb |
| Debian | 999 | all | ruby3.2 | <= 3.2.3-1 | ruby3.2_3.2.3-1_all.deb |
| Debian | 999 | all | ruby3.3 | < 3.3.5-1 | ruby3.3_3.3.5-1_all.deb |
| Debian | 13 | all | ruby3.3 | < 3.3.5-1 | ruby3.3_3.3.5-1_all.deb |
Related
redhatcve
redhatcve
CVE-2024-41946
2024-08-05 13:19:00
osv
osv
CGA-v98j-mcmh-g897
2024-08-13 09:04:45
CVE-2024-41946
2024-08-01 15:15:14
CGA-vh8v-w8jp-44vq
2024-08-13 14:04:56
vulnrichment
vulnrichment
CVE-2024-41946 REXML DoS vulnerability
2024-08-01 14:22:14
nvd
nvd
CVE-2024-41946
2024-08-01 15:15:14
github
github
REXML DoS vulnerability
2024-08-02 12:33:15
veracode
veracode
Denial Of Service (DoS)
2024-08-07 09:46:22
cvelist
cvelist
CVE-2024-41946 REXML DoS vulnerability
2024-08-01 14:22:14
wolfi
wolfi
CVE-2024-41946 vulnerabilities
2024-09-19 21:18:36
alpinelinux
alpinelinux
CVE-2024-41946
2024-08-01 15:15:14
rubygems
rubygems
DoS vulnerabilities in REXML
2024-07-31 21:00:00
cve
cve
CVE-2024-41946
2024-08-01 15:15:14
almalinux
almalinux
Moderate: pcs security update
2024-09-16 00:00:00
nessus
nessus
RHEL 8 : pcs (RHSA-2024:6670)
2024-09-16 00:00:00
Rocky Linux 8 : pcs (RLSA-2024:6670)
2024-09-16 00:00:00
AlmaLinux 8 : pcs (ALSA-2024:6670)
2024-09-17 00:00:00
redos
redos
ROS-20240918-12
2024-09-18 00:00:00
redhat
redhat
(RHSA-2024:6702) Moderate: pcs security update
2024-09-16 18:03:09
(RHSA-2024:6703) Moderate: pcs security update
2024-09-16 18:03:16
(RHSA-2024:6670) Moderate: pcs security update
2024-09-16 00:57:19
rocky
rocky
pcs security update
2024-09-17 00:54:57
oraclelinux
oraclelinux
pcs security update
2024-09-16 00:00:00
ruby:3.3 security update
2024-09-19 00:00:00
ibm
ibm
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7
Confidence
Low
EPSS
0.001
Percentile
23.8%
Related for DEBIANCVE:CVE-2024-41946