History: Sep 18, 2024 - 12:00 a.m.

ROS-20240918-01

2024-09-18 00:00:00
redos.red-soft.ru
ruby programming language
cgi gem
remote attackers
data integrity
denial of service
arbitrary code
unix

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.1
Confidence: Low

A vulnerability in the CGI::Cookie.parse function of the Ruby programming language is related to incorrect processing of security prefixes in cookie names. Exploitation of the vulnerability allows an attacker acting remotely to affect data integrity.

A vulnerability in the date parsing methods of the Ruby programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service.

A vulnerability in the cgi gem software tool is caused by an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the target system.

OS     Version  Architecture  Package  Version      Filename
redos  7.3      x86_64        ruby     < 2.7.6-129  UNKNOWN
