Lucene search

FreeBSD742EB9E4-E3CB-4F5A-B94E-0E9A39420600

HistorySep 24, 2013 - 12:00 a.m.

ruby-gems -- Algorithmic Complexity Vulnerability

2013-09-2400:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

Ruby Gem developers report:

The patch for CVE-2013-4363 was insufficiently verified so the
combined regular expression for verifying gem version remains
vulnerable following CVE-2013-4363.
RubyGems validates versions with a regular expression that is
vulnerable to denial of service due to backtracking. For specially
crafted RubyGems versions attackers can cause denial of service
through CPU consumption.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchruby19-gems< 1.8.27UNKNOWN
FreeBSDanynoarchruby20-gems< 1.8.27UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	ruby19-gems	< 1.8.27	UNKNOWN
FreeBSD	any	noarch	ruby20-gems	< 1.8.27	UNKNOWN

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for 742EB9E4-E3CB-4F5A-B94E-0E9A39420600