3 matches found
CVE-2009-1904
CVE-2009-1904 concerns the Ruby BigDecimal conversion to Float: Ruby 1.8.6 before p369 and 1.8.7 before p173 can crash an application (DoS) when given a very large numeric string. Connected advisories (e.g., MiracleLinux AXSA-2009-78:01) confirm a patch was released (e.g., “New patchlevel fixing ...
CVE-2009-0642
CVE-2009-0642 affects Ruby 1.8 and 1.9: ext/openssl/ossl_ocsp.c may fail to properly check OCSP_basic_verify() return value, potentially allowing a remote attacker to use an invalid X.509 certificate (possibly revoked). Multiple advisories reference this issue (e.g., RHSA-2009:1140, ELSA-2009-114...
CVE-2009-4124
CVE-2009-4124 affects Ruby 1.9.x where a heap-based buffer overflow in rb_str_justify (string.c) allows context-dependent attackers to execute arbitrary code via String#ljust, String#center, or String#rjust. Affected versions are Ruby 1.9.1 prior to 1.9.1-p376. The vulnerability is classified wit...