104 matches found
CVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 latest allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of...
CVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 latest allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of...
CLSA-2025-1755617966 ruby: Fix of CVE-2023-36617
CVE-2023-36617: fix mishandling invalid URLs that have specific characters in URI parser to prevent ReDoS issue...
Linux Distros Unpatched Vulnerability : CVE-2023-28755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-839)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-839 advisory. A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings...
Medium: ruby3.2
Issue Overview: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue...
PT-2025-35250
Name of the Vulnerable Software and Affected Versions CivetWeb versions 1.14 through 1.16 Description A buffer overflow in the URI parser of CivetWeb may allow a remote attacker to achieve remote code execution via a crafted HTTP request. This issue is triggered during request processing and may...
SUSE CVE-2024-34402
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...
DEBIAN-CVE-2024-34402
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow...
Amazon Linux 2 : ruby (ALASRUBY3.0-2023-001)
The version of ruby installed on the remote host is prior to 3.0.6-156. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY3.0-2023-001 advisory. A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles...
Important: ruby
Issue Overview: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 a...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2666)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2023-1427 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser...
CVE-2023-36617
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...
Oracle Linux 8 : ruby:2.7 (ELSA-2023-3821)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3821 advisory. - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in...
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
...
SUSE CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...
CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...
AZL-27310 CVE-2023-36617 affecting package ruby for versions less than 3.1.4-2
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...
DEBIAN-CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...