Design/Logic Flaw

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

CVE-2013-4287

Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

Design/Logic Flaw

Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

CVE-2013-4287

Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

CVE-2013-4287

CVE-2013-4287 represents an algorithmic complexity DoS in RubyGems via an unsafe regular expression in Gem::Version::VERSION_PATTERN. Affected RubyGems versions include pre-1.8.23.1, 1.8.24–1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0 (per upstream and advisories); note that an incomplete f...

CVE-2013-4287

Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

CVE-2013-4363

RubyGems CVE-2013-4363 is a REGEX backtracking DoS vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN. Affected are RubyGems versions prior to 1.8.23.2, 1.8.24–1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, when parsing gem version strings (used with Ruby 1.9.0–2.0.0p247). The issu...

Moderate: Red Hat Security Advisory: rubygems security update

An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

rubygems security update

1.3.7-4 - Remove regexp backtracing CVE-2013-4363. - Related: rhbz1002838. 1.3.7-3 - Fix insecure connection to SSL repository CVE-2012-2125, CVE-2012-2126. - Related: rhbz1002838. 1.3.7-2 - Fix algorithmic complexity vulnerability CVE-2013-4287. - Resolves: rhbz1002838...

Medium: rubygems

Issue Overview: Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a deni...

rubygems: version regex algorithmic complexity vulnerability

A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

MGASA-2013-0297 Updated ruby-RubyGems package fixes security vulnerabilies

Updated ruby-RubyGems package fixes security vulnerability: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to a backtracking regular expression. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...

Updated ruby-RubyGems package fixes security vulnerabilies

Updated ruby-RubyGems package fixes security vulnerability: RubyGems validates versions with a regular expression that is vulnerable to denial of service due to a backtracking regular expression. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption...

Fedora Update for rubygems FEDORA-2013-17649

Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2013-17649 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for rubygems FEDORA-2013-17662

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for rubygems FEDORA-2013-17649

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...