Lucene search
K

13 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.4 views

SUSE CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

4.3CVSS8AI score0.0169EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.38 views

Oracle Solaris Third-Party Patch Update : rubygems (multiple_cryptographic_issues_vulnerabilities_in1)

The remote Solaris system is missing necessary patches to address security updates : - Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/ rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby...

4.3CVSS8AI score0.03343EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.25 views

Oracle Solaris Third-Party Patch Update : ruby (multiple_vulnerabilities_in_ruby1)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service...

6.8CVSS8AI score0.34968EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.28 views

Oracle Solaris Third-Party Patch Update : ruby (multiple_cryptographic_issues_vulnerabilities_in)

The remote Solaris system is missing necessary patches to address security updates : - Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/ rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby...

4.3CVSS8AI score0.03343EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.25 views

openSUSE Security Update : ruby19 (openSUSE-SU-2013:1611-1)

ruby19 was updated to fix the following security issues : - fix CVE-2013-2065: Object taint bypassing in DL and Fiddle bnc843686 The file CVE-2013-2065.patch contains the patch - fix CVE-2013-4287 CVE-2013-4363: ruby19: Algorithmic complexity vulnerability bnc837457 The file...

6.4CVSS7.8AI score0.03343EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2014/03/21 12:0 a.m.39 views

Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities

According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities : - An input validation error exists related to the included Ruby version, handling string to floating point...

6.8CVSS8AI score0.34968EPSS
Exploits6References15
Tenable Nessus
Tenable Nessus
added 2013/11/25 12:0 a.m.24 views

FreeBSD : ruby-gems -- Algorithmic Complexity Vulnerability (742eb9e4-e3cb-4f5a-b94e-0e9a39420600)

Ruby Gem developers report : The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. RubyGems validates versions with a regular expression that is vulnerable to denial of service due to...

4.3CVSS8.1AI score0.0169EPSS
Exploits0References2
OSV
OSV
added 2013/10/17 11:55 p.m.10 views

CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

4.3CVSS6.2AI score0.0169EPSS
Exploits0References6
CVE
CVE
added 2013/10/17 11:0 p.m.89 views

CVE-2013-4363

RubyGems CVE-2013-4363 is a REGEX backtracking DoS vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN. Affected are RubyGems versions prior to 1.8.23.2, 1.8.24–1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, when parsing gem version strings (used with Ruby 1.9.0–2.0.0p247). The issu...

4.3CVSS5.5AI score0.0169EPSS
Exploits0References5Affected Software1
Mageia
Mageia
added 2013/10/09 10:29 p.m.37 views

Updated ruby-RubyGems package fixes security vulnerabilies

Updated ruby-RubyGems package fixes security vulnerability: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to a backtracking regular expression. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...

4.3CVSS5.7AI score0.03343EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/10/04 12:0 a.m.19 views

Fedora 19 : rubygems-2.0.10-106.fc19 (2013-17662)

Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as...

4.3CVSS7.9AI score0.0169EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/10/04 12:0 a.m.17 views

Fedora 18 : rubygems-1.8.25-8.fc18 (2013-17649)

Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as...

4.3CVSS7.9AI score0.0169EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/09/24 12:0 a.m.30 views

ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report: The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. RubyGems validates versions with a regular expression that is vulnerable to denial of service due to...

4.3CVSS6.1AI score0.0169EPSS
Exploits0
Rows per page
Query Builder