5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.126 Low
EPSS
Percentile
94.7%
The regular expression engine of Ruby, a scripting language, contains a
memory leak which can be triggered remotely under certain circumstances,
leading to a denial of service condition (CVE-2008-3443).
In addition, this security update addresses a regression in the REXML
XML parser of the ruby1.8 package; the regression was introduced in
DSA-1651-1.
For the stable distribution (etch), this problem has been fixed in version
1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4
of the ruby1.9 package.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be
fixed soon.
We recommend that you upgrade your Ruby packages.
CPE | Name | Operator | Version |
---|---|---|---|
ruby1.8 | eq | 1.8.5-4 | |
ruby1.8 | eq | 1.8.5-4etch1 | |
ruby1.8 | eq | 1.8.5-4etch2 | |
ruby1.8 | eq | 1.8.5-4etch3 |