10 matches found
CVE-2013-4073
Summary (CVE-2013-4073): The OpenSSL hostname verification in Ruby’s SSL client is broken due to improper handling of a ‘\0’ character in the Subject Alternative Name of X.509 certificates, enabling MITM spoofing via certificates issued by legitimate CAs. Affected: Ruby OpenSSL client implementat...
CVE-2013-0256
CVE-2013-0256 affects Ruby’s RDoc/darkfish.js: XSS via crafted URLs in RDoc-generated documentation. Affected: darkfish.js handling in RDoc versions 2.3.0–3.12 and 4.x before 4.0.0.preview2.1. Impact: remote script execution in the context of the user’s session when documentation is viewed over t...
CVE-2013-1821
CVE-2013-1821 is an XML Entity Expansion (XEE) denial-of-service vulnerability in the REXML parser of Ruby. The provided sources confirm affected Ruby/REXML configurations across multiple lines: Ruby before 1.9.3-p392 (initial description) and extended references indicate the issue affects 1.9.x ...
CVE-2013-4164
Ruby CVE-2013-4164 is a heap-based buffer overflow in numeric conversion from strings to floating point values, enabling a denial of service and potential remote code execution. Affected are Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revisi...
CVE-2013-4287
CVE-2013-4287 represents an algorithmic complexity DoS in RubyGems via an unsafe regular expression in Gem::Version::VERSION_PATTERN. Affected RubyGems versions include pre-1.8.23.1, 1.8.24–1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0 (per upstream and advisories); note that an incomplete f...
CVE-2012-4466
CVE-2012-4466 affects Ruby 1.8.7 before patchlevel 371, Ruby 1.9.3 before patchlevel 286, and Ruby 2.0 before revision r37068. The issue allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via name_err_mesg_to_str, tainting handling for strings. This ...
CVE-2013-2065
CVE-2013-2065 is a taint-check bypass in Ruby's DL and Fiddle native extensions. The initial description notes that Ruby 1.9.x up to 1.9.3 patchlevel 426 and Ruby 2.0 up to patchlevel 195 do not taint-check native functions, allowing context-dependent attackers to bypass safe-level restrictions. ...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 are vulnerable to a context-dependent taint bypass via exc_to_s or name_err_to_s in the exception-to-string paths, allowing modification of untainted strings and bypassing safe-level restrictions (distinct from CVE-2012-4466). Root c...
CVE-2012-4481
CVE-2012-4481 affects Ruby 1.8.x where the safe-level feature allows context-dependent attackers to modify strings via NameError#to_s, noted as a follow-up to an incomplete fix for CVE-2011-1005. Connected advisories show affected Ruby 1.8.5/1.8.7 variants in MiracleLinux and EulerOS environments...
CVE-2013-4363
RubyGems CVE-2013-4363 is a REGEX backtracking DoS vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN. Affected are RubyGems versions prior to 1.8.23.2, 1.8.24–1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, when parsing gem version strings (used with Ruby 1.9.0–2.0.0p247). The issu...