6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.064 Low
EPSS
Percentile
92.6%
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)
All ruby users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | ruby-ri | < 1.8.7.352-13.el6_2 | ruby-ri-1.8.7.352-13.el6_2.i686.rpm |
RedHat | 6 | s390x | ruby-irb | < 1.8.7.352-13.el6_3 | ruby-irb-1.8.7.352-13.el6_3.s390x.rpm |
RedHat | 6 | s390 | ruby-devel | < 1.8.7.352-13.el6_3 | ruby-devel-1.8.7.352-13.el6_3.s390.rpm |
RedHat | 6 | i686 | ruby-ri | < 1.8.7.352-13.el6_4 | ruby-ri-1.8.7.352-13.el6_4.i686.rpm |
RedHat | 6 | s390x | ruby-debuginfo | < 1.8.7.352-13.el6_4 | ruby-debuginfo-1.8.7.352-13.el6_4.s390x.rpm |
RedHat | 6 | ppc64 | ruby-devel | < 1.8.7.352-13.el6_2 | ruby-devel-1.8.7.352-13.el6_2.ppc64.rpm |
RedHat | 6 | ppc64 | ruby-docs | < 1.8.7.352-13.el6_4 | ruby-docs-1.8.7.352-13.el6_4.ppc64.rpm |
RedHat | 6 | ppc64 | ruby-devel | < 1.8.7.352-13.el6_4 | ruby-devel-1.8.7.352-13.el6_4.ppc64.rpm |
RedHat | 6 | i686 | ruby-static | < 1.8.7.352-13.el6_2 | ruby-static-1.8.7.352-13.el6_2.i686.rpm |
RedHat | 6 | i686 | ruby | < 1.8.7.352-13.el6_3 | ruby-1.8.7.352-13.el6_3.i686.rpm |