Gentoo FoundationGLSA-200411-23Ruby: Denial of Service issue
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.024 Low
EPSS
Percentile
89.9%
Background
Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby’s CGI module can be used to build web applications.
Description
Ruby’s developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.
Impact
A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Ruby 1.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12"
All Ruby 1.8.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-lang/ruby | < 1.8.2_pre3 | UNKNOWN |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.024 Low
EPSS
Percentile
89.9%