ruby -- BigDecimal denial of service vulnerability

2009-06-09T00:00:00
ID 62E0FBE5-5798-11DE-BB78-001CC0377035
Type freebsd
Reporter FreeBSD
Modified 2010-05-02T00:00:00

Description

The official ruby site reports:

A denial of service (DoS) vulnerability was found in the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults. An attacker can cause a denial of service by causing BigDecimal to parse an insanely large number, such as: BigDecimal("9E69999999").to_s("F")
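The practical mitigation for untrusted numeric input is to bound the decimal exponent before the string ever reaches BigDecimal or its Float/fixed-notation conversions. The following is an added illustration written for this entry, not code from the advisory or from the Ruby project; the module name SafeDecimal, the max_exponent parameter and the default bound of 1000 are assumptions, and the regex is deliberately stricter than BigDecimal's own parser.

```ruby
require 'bigdecimal'

# Added example: reject numeric strings whose exponent is unreasonably large
# before constructing a BigDecimal from them. The advisory's trigger value,
# 9E69999999, is refused by the exponent check and never reaches the
# library, so to_f / to_s("F") are never asked to expand it.
module SafeDecimal
  # Plain decimal literal: optional sign, digits with optional fraction,
  # optional e/E exponent. Anything else (Infinity, NaN, underscores) is
  # rejected, which is the conservative choice for untrusted input.
  NUMBER = /\A\s*[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE]([+-]?\d+))?\s*\z/

  # Returns the exponent written in +str+ (0 when none), or nil when +str+
  # is not a decimal literal the regex above accepts.
  def self.exponent_of(str)
    m = NUMBER.match(str)
    return nil unless m
    m[1] ? m[1].to_i : 0
  end

  # Parses +str+ into a BigDecimal only when its exponent lies within
  # [-max_exponent, max_exponent] (bound is an assumed default); raises
  # ArgumentError for malformed input or an out-of-range exponent.
  def self.parse(str, max_exponent: 1_000)
    exp = exponent_of(str)
    raise ArgumentError, "not a decimal literal: #{str.inspect}" if exp.nil?
    if exp.abs > max_exponent
      raise ArgumentError, "exponent #{exp} exceeds limit of #{max_exponent}"
    end
    BigDecimal(str)
  end

  # Fixed-notation rendering with the guard applied first, so to_s("F")
  # only ever sees exponents inside the configured bound.
  def self.to_fixed(str, max_exponent: 1_000)
    parse(str, max_exponent: max_exponent).to_s("F")
  end
end
```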