Vulnerabilites related to ruby-lang - ruby
cve-2009-5147
Vulnerability from cvelistv5
Published
2017-03-29 14:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2015/q3/222 | mailing-list, x_refsource_MLIST | |
| https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:0583 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1248935 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/76060 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T07:32:23.332Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", }, { name: "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2015/q3/222", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", }, { name: "76060", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/76060", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-07-28T00:00:00", descriptions: [ { lang: "en", value: "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-27T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", }, { name: "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2015/q3/222", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", }, { name: "76060", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/76060", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-5147", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", refsource: "CONFIRM", url: "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", }, { name: "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", refsource: "MLIST", url: "http://seclists.org/oss-sec/2015/q3/222", }, { name: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", }, { name: "76060", refsource: "BID", url: "http://www.securityfocus.com/bid/76060", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-5147", datePublished: "2017-03-29T14:00:00", dateReserved: "2015-07-28T00:00:00", dateUpdated: "2024-08-07T07:32:23.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10663
Vulnerability from cvelistv5
Published
2020-04-28 20:58
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:10.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", }, { name: "[debian-lts-announce] 20200430 [SECURITY] [DLA 2192-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html", }, { name: "openSUSE-SU-2020:0586", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html", }, { name: "FEDORA-2020-26df92331a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/", }, { name: "FEDORA-2020-d171bf636d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/", }, { name: "FEDORA-2020-a95706b117", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { name: "DSA-4721", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4721", }, { name: "[zookeeper-dev] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211931", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { name: "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210129-0003/", }, { name: "[zookeeper-issues] 20210404 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210404 [jira] [Assigned] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-03-19T00:00:00", descriptions: [ { lang: "en", value: "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-04T06:07:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", }, { name: "[debian-lts-announce] 20200430 [SECURITY] [DLA 2192-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html", }, { name: "openSUSE-SU-2020:0586", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html", }, { name: "FEDORA-2020-26df92331a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/", }, { name: "FEDORA-2020-d171bf636d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/", }, { name: "FEDORA-2020-a95706b117", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { name: "DSA-4721", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4721", }, { name: "[zookeeper-dev] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211931", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { name: "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210129-0003/", }, { name: "[zookeeper-issues] 20210404 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210404 [jira] [Assigned] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10663", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", }, { name: "[debian-lts-announce] 20200430 [SECURITY] [DLA 2192-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html", }, { name: "openSUSE-SU-2020:0586", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html", }, { name: "FEDORA-2020-26df92331a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/", }, { name: "FEDORA-2020-d171bf636d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/", }, { name: "FEDORA-2020-a95706b117", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { name: "DSA-4721", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4721", }, { name: "[zookeeper-dev] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200913 [jira] [Created] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200913 [jira] [Resolved] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Comment Edited] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Commented] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200930 [jira] [Issue Comment Deleted] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://support.apple.com/kb/HT211931", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211931", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { name: "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://security.netapp.com/advisory/ntap-20210129-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210129-0003/", }, { name: "[zookeeper-issues] 20210404 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210404 [jira] [Assigned] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10663", datePublished: "2020-04-28T20:58:30", dateReserved: "2020-03-18T00:00:00", dateUpdated: "2024-08-04T11:06:10.608Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-4310
Vulnerability from cvelistv5
Published
2008-12-09 00:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2008-0981.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=470252 | x_refsource_CONFIRM | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.openwall.com/lists/oss-security/2008/12/04/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/33013 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:08:35.153Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2008:0981", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0981.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=470252", }, { name: "oval:org.mitre.oval:def:10250", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250", }, { name: "[oss-security] 20081204 ruby CVE-2008-4310 (Red Hat specific)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/12/04/2", }, { name: "33013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33013", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-12-04T00:00:00", descriptions: [ { lang: "en", value: "httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2008:0981", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0981.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=470252", }, { name: "oval:org.mitre.oval:def:10250", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250", }, { name: "[oss-security] 20081204 ruby CVE-2008-4310 (Red Hat specific)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/12/04/2", }, { name: "33013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33013", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-4310", datePublished: "2008-12-09T00:00:00", dateReserved: "2008-09-29T00:00:00", dateUpdated: "2024-08-07T10:08:35.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2725
Vulnerability from cvelistv5
Published
2008-06-24 19:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:14:14.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "oval:org.mitre.oval:def:9606", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30894", }, { name: "ruby-rbarysplice-code-execution(43350)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-21T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "oval:org.mitre.oval:def:9606", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30894", }, { name: "ruby-rbarysplice-code-execution(43350)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31181", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2008-2725", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SR:2008:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "http://support.apple.com/kb/HT2163", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT2163", }, { name: "31090", refsource: "SECUNIA", url: "http://secunia.com/advisories/31090", }, { name: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", refsource: "MISC", url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", refsource: "SECUNIA", url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "oval:org.mitre.oval:def:9606", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606", }, { name: "DSA-1618", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727", }, { name: "31687", refsource: "SECUNIA", url: "http://secunia.com/advisories/31687", }, { name: "30894", refsource: "SECUNIA", url: "http://secunia.com/advisories/30894", }, { name: "ruby-rbarysplice-code-execution(43350)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350", }, { name: "31062", refsource: "SECUNIA", url: "http://secunia.com/advisories/31062", }, { name: "31256", refsource: "SECUNIA", url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { name: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", refsource: "MISC", url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020347", }, { name: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", refsource: "MISC", url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216", refsource: "MLIST", url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { name: "FEDORA-2008-5649", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", refsource: "SECUNIA", url: "http://secunia.com/advisories/30802", }, { name: "30831", refsource: "SECUNIA", url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { name: "https://issues.rpath.com/browse/RPL-2626", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "29903", refsource: "BID", url: "http://www.securityfocus.com/bid/29903", }, { name: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", refsource: "MISC", url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", refsource: "SECUNIA", url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { name: "http://www.ruby-forum.com/topic/157034", refsource: "MISC", url: "http://www.ruby-forum.com/topic/157034", }, { name: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", refsource: "MISC", url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", refsource: "SECUNIA", url: "http://secunia.com/advisories/31181", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-2725", datePublished: "2008-06-24T19:00:00", dateReserved: "2008-06-16T00:00:00", dateUpdated: "2024-08-07T09:14:14.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8779
Vulnerability from cvelistv5
Published
2018-04-03 22:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:26.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "103767", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103767", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-28T00:00:00", descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-06T16:06:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "103767", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103767", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8779", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "103767", refsource: "BID", url: "http://www.securityfocus.com/bid/103767", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8779", datePublished: "2018-04-03T22:00:00", dateReserved: "2018-03-19T00:00:00", dateUpdated: "2024-08-05T07:02:26.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3900
Vulnerability from cvelistv5
Published
2015-06-24 14:00
Modified
2024-08-06 05:56
Severity ?
EPSS score ?
Summary
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:56:16.332Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2015:1657", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1657.html", }, { name: "FEDORA-2015-12501", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html", }, { name: "FEDORA-2015-12574", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html", }, { name: "[oss-security] 20150626 rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/06/26/2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", }, { name: "75482", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/75482", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/CVE-2015-3900", }, { name: "FEDORA-2015-13157", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-14T00:00:00", descriptions: [ { lang: "en", value: "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2015:1657", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1657.html", }, { name: "FEDORA-2015-12501", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html", }, { name: "FEDORA-2015-12574", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html", }, { name: "[oss-security] 20150626 rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/06/26/2", }, { tags: [ "x_refsource_MISC", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", }, { name: "75482", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/75482", }, { tags: [ "x_refsource_MISC", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/CVE-2015-3900", }, { name: "FEDORA-2015-13157", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-3900", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2015:1657", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-1657.html", }, { name: "FEDORA-2015-12501", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html", }, { name: "FEDORA-2015-12574", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html", }, { name: "[oss-security] 20150626 rubygems <2.4.8 vulnerable to DNS request hijacking (CVE-2015-3900 and CVE-2015-4020)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/06/26/2", }, { name: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", refsource: "MISC", url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", }, { name: "75482", refsource: "BID", url: "http://www.securityfocus.com/bid/75482", }, { name: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", refsource: "MISC", url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", }, { name: "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", refsource: "CONFIRM", url: "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", }, { name: "https://puppet.com/security/cve/CVE-2015-3900", refsource: "CONFIRM", url: "https://puppet.com/security/cve/CVE-2015-3900", }, { name: "FEDORA-2015-13157", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-3900", datePublished: "2015-06-24T14:00:00", dateReserved: "2015-05-12T00:00:00", dateUpdated: "2024-08-06T05:56:16.332Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49761
Vulnerability from cvelistv5
Published
2024-10-28 14:10
Modified
2024-12-27 16:03
Severity ?
EPSS score ?
Summary
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m | x_refsource_CONFIRM | |
| https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f | x_refsource_MISC | |
| https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761 | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ruby:rexml:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rexml", vendor: "ruby", versions: [ { lessThan: "3.3.9", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-49761", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T14:57:03.712021Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T14:58:24.116Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-27T16:03:07.802Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241227-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rexml", vendor: "ruby", versions: [ { status: "affected", version: "< 3.3.9", }, ], }, ], descriptions: [ { lang: "en", value: "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.", }, ], metrics: [ { cvssV4_0: { attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.6, baseSeverity: "MEDIUM", privilegesRequired: "NONE", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T14:10:23.212Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m", }, { name: "https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f", tags: [ "x_refsource_MISC", ], url: "https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f", }, { name: "https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761", tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761", }, ], source: { advisory: "GHSA-2rxp-v6pw-ch6m", discovery: "UNKNOWN", }, title: "REXML ReDoS vulnerability", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-49761", datePublished: "2024-10-28T14:10:23.212Z", dateReserved: "2024-10-18T13:43:23.455Z", dateUpdated: "2024-12-27T16:03:07.802Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1655
Vulnerability from cvelistv5
Published
2013-03-20 16:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/58442 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html | vendor-advisory, x_refsource_SUSE | |
| http://www.debian.org/security/2013/dsa-2643 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/52596 | third-party-advisory, x_refsource_SECUNIA | |
| https://puppetlabs.com/security/cve/cve-2013-1655/ | x_refsource_CONFIRM | |
| http://ubuntu.com/usn/usn-1759-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:13:31.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "58442", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58442", }, { name: "SUSE-SU-2013:0618", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", }, { name: "DSA-2643", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2643", }, { name: "52596", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52596", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppetlabs.com/security/cve/cve-2013-1655/", }, { name: "USN-1759-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-1759-1", }, { name: "openSUSE-SU-2013:0641", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-12T00:00:00", descriptions: [ { lang: "en", value: "Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-04-11T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "58442", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58442", }, { name: "SUSE-SU-2013:0618", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", }, { name: "DSA-2643", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2643", }, { name: "52596", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52596", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppetlabs.com/security/cve/cve-2013-1655/", }, { name: "USN-1759-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-1759-1", }, { name: "openSUSE-SU-2013:0641", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-1655", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "58442", refsource: "BID", url: "http://www.securityfocus.com/bid/58442", }, { name: "SUSE-SU-2013:0618", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", }, { name: "DSA-2643", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2643", }, { name: "52596", refsource: "SECUNIA", url: "http://secunia.com/advisories/52596", }, { name: "https://puppetlabs.com/security/cve/cve-2013-1655/", refsource: "CONFIRM", url: "https://puppetlabs.com/security/cve/cve-2013-1655/", }, { name: "USN-1759-1", refsource: "UBUNTU", url: "http://ubuntu.com/usn/usn-1759-1", }, { name: "openSUSE-SU-2013:0641", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-1655", datePublished: "2013-03-20T16:00:00", dateReserved: "2013-02-11T00:00:00", dateUpdated: "2024-08-06T15:13:31.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17742
Vulnerability from cvelistv5
Published
2018-04-03 00:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.715Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/3685-1/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "103684", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/103684", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "1042004", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-28T00:00:00", descriptions: [ { lang: "en", value: "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-30T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/3685-1/", }, { url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "103684", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/103684", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "1042004", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { url: "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/", }, { url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17742", datePublished: "2018-04-03T00:00:00", dateReserved: "2017-12-18T00:00:00", dateUpdated: "2024-08-05T20:59:17.715Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-4124
Vulnerability from cvelistv5
Published
2009-12-11 16:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/60880 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54674 | vdb-entry, x_refsource_XF | |
| http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/ | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/3471 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/37278 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/37660 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:54:10.177Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "60880", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/60880", }, { name: "ruby-rbstrjustify-bo(54674)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/", }, { name: "ADV-2009-3471", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/3471", }, { name: "37278", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/37278", }, { name: "37660", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37660", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-12-07T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "60880", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/60880", }, { name: "ruby-rbstrjustify-bo(54674)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/", }, { name: "ADV-2009-3471", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/3471", }, { name: "37278", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/37278", }, { name: "37660", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37660", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-4124", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "60880", refsource: "OSVDB", url: "http://www.osvdb.org/60880", }, { name: "ruby-rbstrjustify-bo(54674)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674", }, { name: "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/", }, { name: "ADV-2009-3471", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/3471", }, { name: "37278", refsource: "BID", url: "http://www.securityfocus.com/bid/37278", }, { name: "37660", refsource: "SECUNIA", url: "http://secunia.com/advisories/37660", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-4124", datePublished: "2009-12-11T16:00:00", dateReserved: "2009-11-30T00:00:00", dateUpdated: "2024-08-07T06:54:10.177Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0233
Vulnerability from cvelistv5
Published
2013-04-25 23:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/01/29/3 | mailing-list, x_refsource_MLIST | |
| http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/57577 | vdb-entry, x_refsource_BID | |
| http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ | x_refsource_CONFIRM | |
| https://github.com/Snorby/snorby/issues/261 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.499Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset", }, { name: "[oss-security] 20130128 Re: CVE request for 'devise' ruby gem", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/01/29/3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html", }, { name: "openSUSE-SU-2013:0374", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html", }, { name: "57577", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/57577", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Snorby/snorby/issues/261", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-04-25T23:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset", }, { name: "[oss-security] 20130128 Re: CVE request for 'devise' ruby gem", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/01/29/3", }, { tags: [ "x_refsource_MISC", ], url: "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html", }, { name: "openSUSE-SU-2013:0374", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html", }, { name: "57577", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/57577", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/Snorby/snorby/issues/261", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-0233", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset", refsource: "MISC", url: "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset", }, { name: "[oss-security] 20130128 Re: CVE request for 'devise' ruby gem", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/01/29/3", }, { name: "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html", refsource: "MISC", url: "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html", }, { name: "openSUSE-SU-2013:0374", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html", }, { name: "57577", refsource: "BID", url: "http://www.securityfocus.com/bid/57577", }, { name: "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/", refsource: "CONFIRM", url: "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/", }, { name: "https://github.com/Snorby/snorby/issues/261", refsource: "MISC", url: "https://github.com/Snorby/snorby/issues/261", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0233", datePublished: "2013-04-25T23:00:00Z", dateReserved: "2012-12-06T00:00:00Z", dateUpdated: "2024-09-17T02:41:33.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22795
Vulnerability from cvelistv5
Published
2023-02-09 00:00
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/rails/rails |
Version: 6.1.7.1, 7.0.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:30.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", }, { name: "DSA-5372", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5372", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240202-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/rails/rails", vendor: "n/a", versions: [ { status: "affected", version: "6.1.7.1, 7.0.4.1", }, ], }, ], descriptions: [ { lang: "en", value: "A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (CWE-400)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T14:06:23.429831", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", }, { name: "DSA-5372", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5372", }, { url: "https://security.netapp.com/advisory/ntap-20240202-0010/", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2023-22795", datePublished: "2023-02-09T00:00:00", dateReserved: "2023-01-06T00:00:00", dateUpdated: "2024-08-02T10:20:30.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17405
Vulnerability from cvelistv5
Published
2017-12-15 09:00
Modified
2024-08-05 20:51
Severity ?
EPSS score ?
Summary
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:51:31.364Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "102204", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102204", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", }, { name: "43381", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43381/", }, { name: "RHSA-2018:0584", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "RHSA-2019:2806", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2806", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-15T00:00:00", descriptions: [ { lang: "en", value: "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-19T09:06:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "102204", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102204", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", }, { name: "43381", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43381/", }, { name: "RHSA-2018:0584", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "RHSA-2019:2806", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2806", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17405", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:0585", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { name: "RHSA-2018:0378", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "102204", refsource: "BID", url: "http://www.securityfocus.com/bid/102204", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", }, { name: "43381", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43381/", }, { name: "RHSA-2018:0584", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { name: "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { name: "DSA-4259", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "RHSA-2019:2806", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2806", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17405", datePublished: "2017-12-15T09:00:00", dateReserved: "2017-12-05T00:00:00", dateUpdated: "2024-08-05T20:51:31.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4464
Vulnerability from cvelistv5
Published
2013-04-25 23:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=862598 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2012/10/02/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/10/03/9 | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/ | x_refsource_CONFIRM | |
| http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:35:09.734Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862598", }, { name: "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { name: "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { name: "FEDORA-2012-15376", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { name: "FEDORA-2012-15395", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-02T00:00:00", descriptions: [ { lang: "en", value: "Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-27T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862598", }, { name: "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { name: "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { name: "FEDORA-2012-15376", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { name: "FEDORA-2012-15395", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { tags: [ "x_refsource_MISC", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-4464", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=862598", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=862598", }, { name: "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { name: "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { name: "FEDORA-2012-15376", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { name: "FEDORA-2012-15395", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { name: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", refsource: "MISC", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4464", datePublished: "2013-04-25T23:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:35:09.734Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-3009
Vulnerability from cvelistv5
Published
2011-08-05 22:00
Modified
2024-08-06 23:22
Severity ?
EPSS score ?
Summary
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/49126 | vdb-entry, x_refsource_BID | |
| http://www.redhat.com/support/errata/RHSA-2011-1581.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69157 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2012-0070.html | vendor-advisory, x_refsource_REDHAT | |
| http://redmine.ruby-lang.org/issues/show/4338 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2011/07/20/1 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:22:26.693Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "49126", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/49126", }, { name: "RHSA-2011:1581", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { name: "ruby-random-number-weak-security(69157)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157", }, { name: "RHSA-2012:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://redmine.ruby-lang.org/issues/show/4338", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-07-20T00:00:00", descriptions: [ { lang: "en", value: "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "49126", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/49126", }, { name: "RHSA-2011:1581", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { name: "ruby-random-number-weak-security(69157)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157", }, { name: "RHSA-2012:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { tags: [ "x_refsource_MISC", ], url: "http://redmine.ruby-lang.org/issues/show/4338", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-3009", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "49126", refsource: "BID", url: "http://www.securityfocus.com/bid/49126", }, { name: "RHSA-2011:1581", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { name: "ruby-random-number-weak-security(69157)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157", }, { name: "RHSA-2012:0070", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { name: "http://redmine.ruby-lang.org/issues/show/4338", refsource: "MISC", url: "http://redmine.ruby-lang.org/issues/show/4338", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-3009", datePublished: "2011-08-05T22:00:00", dateReserved: "2011-08-05T00:00:00", dateUpdated: "2024-08-06T23:22:26.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1821
Vulnerability from cvelistv5
Published
2013-04-09 21:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:13:33.271Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { name: "MDVSA-2013:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "openSUSE-SU-2013:0603", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html", }, { name: "SSA:2013-075-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862", }, { name: "52783", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52783", }, { name: "DSA-2738", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2738", }, { name: "openSUSE-SU-2013:0614", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "USN-1780-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1780-1", }, { name: "58141", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58141", }, { name: "52902", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52902", }, { name: "[oss-security] 20130306 CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/06/5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, { name: "SUSE-SU-2013:0609", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html", }, { name: "DSA-2809", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2809", }, { name: "RHSA-2013:1028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1028.html", }, { name: "RHSA-2013:0611", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0611.html", }, { name: "RHSA-2013:1147", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "SUSE-SU-2013:0647", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-02-22T00:00:00", descriptions: [ { lang: "en", value: "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-06T13:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { name: "MDVSA-2013:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "openSUSE-SU-2013:0603", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html", }, { name: "SSA:2013-075-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862", }, { name: "52783", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52783", }, { name: "DSA-2738", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2738", }, { name: "openSUSE-SU-2013:0614", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", }, { tags: [ "x_refsource_MISC", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "USN-1780-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1780-1", }, { name: "58141", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58141", }, { name: "52902", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52902", }, { name: "[oss-security] 20130306 CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/03/06/5", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, { name: "SUSE-SU-2013:0609", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html", }, { name: "DSA-2809", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2809", }, { name: "RHSA-2013:1028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1028.html", }, { name: "RHSA-2013:0611", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0611.html", }, { name: "RHSA-2013:1147", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "SUSE-SU-2013:0647", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-1821", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2013:0612", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { name: "MDVSA-2013:124", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "openSUSE-SU-2013:0603", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html", }, { name: "SSA:2013-075-01", refsource: "SLACKWARE", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862", }, { name: "52783", refsource: "SECUNIA", url: "http://secunia.com/advisories/52783", }, { name: "DSA-2738", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2738", }, { name: "openSUSE-SU-2013:0614", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", refsource: "MISC", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", }, { name: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", refsource: "CONFIRM", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "USN-1780-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1780-1", }, { name: "58141", refsource: "BID", url: "http://www.securityfocus.com/bid/58141", }, { name: "52902", refsource: "SECUNIA", url: "http://secunia.com/advisories/52902", }, { name: "[oss-security] 20130306 CVE for Ruby Entity expansion DoS vulnerability in REXML (XML bomb)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/03/06/5", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { name: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, { name: "SUSE-SU-2013:0609", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html", }, { name: "DSA-2809", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2809", }, { name: "RHSA-2013:1028", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1028.html", }, { name: "RHSA-2013:0611", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0611.html", }, { name: "RHSA-2013:1147", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { name: "SUSE-SU-2013:0647", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1821", datePublished: "2013-04-09T21:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:13:33.271Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-9096
Vulnerability from cvelistv5
Published
2017-06-12 20:00
Modified
2024-08-06 08:36
Severity ?
EPSS score ?
Summary
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.debian.org/security/2017/dsa-3966 | vendor-advisory, x_refsource_DEBIAN | |
| https://hackerone.com/reports/137631 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://github.com/rubysec/ruby-advisory-db/issues/215 | x_refsource_MISC | |
| https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee | x_refsource_MISC | |
| http://www.mbsd.jp/Whitepaper/smtpi.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:36:31.894Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3966", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-3966", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/137631", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rubysec/ruby-advisory-db/issues/215", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.mbsd.jp/Whitepaper/smtpi.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-06-12T00:00:00", descriptions: [ { lang: "en", value: "Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-14T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3966", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-3966", }, { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/137631", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/rubysec/ruby-advisory-db/issues/215", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee", }, { tags: [ "x_refsource_MISC", ], url: "http://www.mbsd.jp/Whitepaper/smtpi.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-9096", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3966", refsource: "DEBIAN", url: "https://www.debian.org/security/2017/dsa-3966", }, { name: "https://hackerone.com/reports/137631", refsource: "MISC", url: "https://hackerone.com/reports/137631", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "https://github.com/rubysec/ruby-advisory-db/issues/215", refsource: "MISC", url: "https://github.com/rubysec/ruby-advisory-db/issues/215", }, { name: "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee", refsource: "MISC", url: "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee", }, { name: "http://www.mbsd.jp/Whitepaper/smtpi.pdf", refsource: "MISC", url: "http://www.mbsd.jp/Whitepaper/smtpi.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-9096", datePublished: "2017-06-12T20:00:00", dateReserved: "2017-06-12T00:00:00", dateUpdated: "2024-08-06T08:36:31.894Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8780
Vulnerability from cvelistv5
Published
2018-04-03 22:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:26.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "103739", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103739", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "RHSA-2020:0542", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { name: "RHSA-2020:0591", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { name: "RHSA-2020:0663", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0663", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-28T00:00:00", descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-03T18:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "103739", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103739", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "RHSA-2020:0542", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { name: "RHSA-2020:0591", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { name: "RHSA-2020:0663", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0663", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8780", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "103739", refsource: "BID", url: "http://www.securityfocus.com/bid/103739", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "RHSA-2020:0542", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { name: "RHSA-2020:0591", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { name: "RHSA-2020:0663", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0663", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8780", datePublished: "2018-04-03T22:00:00", dateReserved: "2018-03-19T00:00:00", dateUpdated: "2024-08-05T07:02:26.043Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-3624
Vulnerability from cvelistv5
Published
2019-11-26 02:50
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-3624 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2011-3624 | x_refsource_MISC | |
| https://redmine.ruby-lang.org/issues/5418 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:37:48.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-3624", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2011-3624", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://redmine.ruby-lang.org/issues/5418", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Ruby", vendor: "Ruby", versions: [ { status: "affected", version: "1.9.2", }, { status: "affected", version: "1.8.7 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.", }, ], problemTypes: [ { descriptions: [ { description: "UNKNOWN_TYPE", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-11T21:51:22", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-3624", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2011-3624", }, { tags: [ "x_refsource_MISC", ], url: "https://redmine.ruby-lang.org/issues/5418", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-3624", datePublished: "2019-11-26T02:50:40", dateReserved: "2011-09-21T00:00:00", dateUpdated: "2024-08-06T23:37:48.555Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-2489
Vulnerability from cvelistv5
Published
2010-07-09 19:00
Modified
2024-08-07 02:32
Severity ?
EPSS score ?
Summary
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/66040 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2010/07/02/10 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/40442 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/60135 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2010/07/02/1 | mailing-list, x_refsource_MLIST | |
| http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/41321 | vdb-entry, x_refsource_BID | |
| http://osdir.com/ml/ruby-talk/2010-07/msg00095.html | mailing-list, x_refsource_MLIST | |
| http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog | x_refsource_CONFIRM | |
| http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:32:16.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "66040", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/66040", }, { name: "[oss-security] 20100702 Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/07/02/10", }, { name: "40442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40442", }, { name: "ruby-argfinplacemode-bo(60135)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135", }, { name: "[oss-security] 20100702 CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/07/02/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", }, { name: "41321", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/41321", }, { name: "[ruby-talk] 20100702 Re: [ANN][Security] Ruby 1.9.1-p429 is out", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-07-02T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "66040", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/66040", }, { name: "[oss-security] 20100702 Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/07/02/10", }, { name: "40442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40442", }, { name: "ruby-argfinplacemode-bo(60135)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135", }, { name: "[oss-security] 20100702 CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/07/02/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", }, { name: "41321", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/41321", }, { name: "[ruby-talk] 20100702 Re: [ANN][Security] Ruby 1.9.1-p429 is out", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2010-2489", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "66040", refsource: "OSVDB", url: "http://www.osvdb.org/66040", }, { name: "[oss-security] 20100702 Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2010/07/02/10", }, { name: "40442", refsource: "SECUNIA", url: "http://secunia.com/advisories/40442", }, { name: "ruby-argfinplacemode-bo(60135)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135", }, { name: "[oss-security] 20100702 CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2010/07/02/1", }, { name: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", }, { name: "41321", refsource: "BID", url: "http://www.securityfocus.com/bid/41321", }, { name: "[ruby-talk] 20100702 Re: [ANN][Security] Ruby 1.9.1-p429 is out", refsource: "MLIST", url: "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html", }, { name: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", }, { name: "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-2489", datePublished: "2010-07-09T19:00:00", dateReserved: "2010-06-28T00:00:00", dateUpdated: "2024-08-07T02:32:16.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1947
Vulnerability from cvelistv5
Published
2013-04-25 23:00
Modified
2024-09-16 18:19
Severity ?
EPSS score ?
Summary
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/04/12/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2013/04/10/3 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:20:37.189Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/04/12/2", }, { name: "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/04/10/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-04-25T23:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/04/12/2", }, { name: "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/04/10/3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-1947", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/04/12/2", }, { name: "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/04/10/3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1947", datePublished: "2013-04-25T23:00:00Z", dateReserved: "2013-02-19T00:00:00Z", dateUpdated: "2024-09-16T18:19:38.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-11465
Vulnerability from cvelistv5
Published
2017-07-19 21:00
Modified
2024-09-16 17:15
Severity ?
EPSS score ?
Summary
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.ruby-lang.org/issues/13742 | x_refsource_MISC | |
| https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:12:39.862Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.ruby-lang.org/issues/13742", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-19T21:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.ruby-lang.org/issues/13742", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-11465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.ruby-lang.org/issues/13742", refsource: "MISC", url: "https://bugs.ruby-lang.org/issues/13742", }, { name: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", refsource: "MISC", url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-11465", datePublished: "2017-07-19T21:00:00Z", dateReserved: "2017-07-19T00:00:00Z", dateUpdated: "2024-09-16T17:15:26.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28965
Vulnerability from cvelistv5
Published
2021-04-21 06:55
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210528-0003/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:55:12.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/", }, { name: "FEDORA-2021-7b8b65bc7a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210528-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-28T09:06:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/", }, { name: "FEDORA-2021-7b8b65bc7a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210528-0003/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-28965", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/", refsource: "MISC", url: "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/", }, { name: "FEDORA-2021-7b8b65bc7a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/", }, { name: "https://security.netapp.com/advisory/ntap-20210528-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210528-0003/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28965", datePublished: "2021-04-21T06:55:24", dateReserved: "2021-03-22T00:00:00", dateUpdated: "2024-08-03T21:55:12.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5380
Vulnerability from cvelistv5
Published
2012-10-11 10:00
Modified
2024-09-17 01:01
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.htbridge.com/advisory/HTB23108 | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2012-5380", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T19:27:47.842050Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T19:01:08.154Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "ADP Container", }, { providerMetadata: { dateUpdated: "2024-08-06T21:05:46.943Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.htbridge.com/advisory/HTB23108", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\\Ruby193\\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-10-11T10:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.htbridge.com/advisory/HTB23108", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-5380", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\\Ruby193\\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.htbridge.com/advisory/HTB23108", refsource: "MISC", url: "https://www.htbridge.com/advisory/HTB23108", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-5380", datePublished: "2012-10-11T10:00:00Z", dateReserved: "2012-10-11T00:00:00Z", dateUpdated: "2024-09-17T01:01:38.756Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1948
Vulnerability from cvelistv5
Published
2013-04-25 23:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://vapid.dhs.org/advisories/md2pdf-remote-exec.html | x_refsource_MISC | |
| http://osvdb.org/92290 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83416 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/59061 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:20:37.263Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://vapid.dhs.org/advisories/md2pdf-remote-exec.html", }, { name: "92290", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/92290", }, { name: "md2pdf-cve20131948-command-exec(83416)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83416", }, { name: "59061", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/59061", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-04-13T00:00:00", descriptions: [ { lang: "en", value: "converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://vapid.dhs.org/advisories/md2pdf-remote-exec.html", }, { name: "92290", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/92290", }, { name: "md2pdf-cve20131948-command-exec(83416)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83416", }, { name: "59061", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/59061", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-1948", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://vapid.dhs.org/advisories/md2pdf-remote-exec.html", refsource: "MISC", url: "http://vapid.dhs.org/advisories/md2pdf-remote-exec.html", }, { name: "92290", refsource: "OSVDB", url: "http://osvdb.org/92290", }, { name: "md2pdf-cve20131948-command-exec(83416)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83416", }, { name: "59061", refsource: "BID", url: "http://www.securityfocus.com/bid/59061", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1948", datePublished: "2013-04-25T23:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:20:37.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32066
Vulnerability from cvelistv5
Published
2021-08-01 00:00
Modified
2024-08-03 23:17
Severity ?
EPSS score ?
Summary
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:17:28.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1178562", }, { name: "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/", }, { tags: [ "x_transferred", ], url: "https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:31.921371", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1178562", }, { name: "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { url: "https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/", }, { url: "https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-32066", datePublished: "2021-08-01T00:00:00", dateReserved: "2021-05-06T00:00:00", dateUpdated: "2024-08-03T23:17:28.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4287
Vulnerability from cvelistv5
Published
2013-10-17 23:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2013/09/10/1 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/55381 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2013-1523.html | vendor-advisory, x_refsource_REDHAT | |
| http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html | x_refsource_CONFIRM | |
| https://puppet.com/security/cve/cve-2013-4287 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1427.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1852.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1441.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2014-0207.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/09/10/1", }, { name: "55381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55381", }, { name: "RHSA-2013:1523", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1523.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2013-4287", }, { name: "RHSA-2013:1427", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1427.html", }, { name: "RHSA-2013:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { name: "RHSA-2014:0207", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0207.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-09T00:00:00", descriptions: [ { lang: "en", value: "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/09/10/1", }, { name: "55381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55381", }, { name: "RHSA-2013:1523", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1523.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2013-4287", }, { name: "RHSA-2013:1427", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1427.html", }, { name: "RHSA-2013:1852", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { name: "RHSA-2014:0207", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0207.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4287", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/09/10/1", }, { name: "55381", refsource: "SECUNIA", url: "http://secunia.com/advisories/55381", }, { name: "RHSA-2013:1523", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1523.html", }, { name: "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", refsource: "CONFIRM", url: "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", }, { name: "https://puppet.com/security/cve/cve-2013-4287", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2013-4287", }, { name: "RHSA-2013:1427", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1427.html", }, { name: "RHSA-2013:1852", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { name: "RHSA-2013:1441", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { name: "RHSA-2014:0207", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0207.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4287", datePublished: "2013-10-17T23:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16254
Vulnerability from cvelistv5
Published
2019-11-26 00:00
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:10:41.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/331984", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { name: "DSA-4586", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4586", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-30T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/331984", }, { url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { name: "DSA-4586", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4586", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16254", datePublished: "2019-11-26T00:00:00", dateReserved: "2019-09-11T00:00:00", dateUpdated: "2024-08-05T01:10:41.699Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25613
Vulnerability from cvelistv5
Published
2020-10-06 00:00
Modified
2024-08-04 15:33
Severity ?
EPSS score ?
Summary
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:33:05.751Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/965267", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/", }, { tags: [ "x_transferred", ], url: "https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7", }, { name: "FEDORA-2020-02ca18c2a0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/", }, { name: "FEDORA-2020-fe2a7d7390", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210115-0008/", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:30.204645", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/965267", }, { url: "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/", }, { url: "https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7", }, { name: "FEDORA-2020-02ca18c2a0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/", }, { name: "FEDORA-2020-fe2a7d7390", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/", }, { url: "https://security.netapp.com/advisory/ntap-20210115-0008/", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25613", datePublished: "2020-10-06T00:00:00", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:33:05.751Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9225
Vulnerability from cvelistv5
Published
2017-05-24 15:00
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f | x_refsource_CONFIRM | |
| https://github.com/kkos/oniguruma/issues/56 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:02:43.794Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kkos/oniguruma/issues/56", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-24T15:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kkos/oniguruma/issues/56", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9225", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f", refsource: "CONFIRM", url: "https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f", }, { name: "https://github.com/kkos/oniguruma/issues/56", refsource: "CONFIRM", url: "https://github.com/kkos/oniguruma/issues/56", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9225", datePublished: "2017-05-24T15:00:00Z", dateReserved: "2017-05-24T00:00:00Z", dateUpdated: "2024-09-17T03:07:00.571Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-2705
Vulnerability from cvelistv5
Published
2011-08-05 21:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:08:23.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { name: "RHSA-2011:1581", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { name: "FEDORA-2011-9374", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://redmine.ruby-lang.org/issues/4579", }, { name: "[oss-security] 20110711 CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { name: "49015", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/49015", }, { name: "FEDORA-2011-9359", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-07-11T00:00:00", descriptions: [ { lang: "en", value: "The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-01-19T10:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { name: "RHSA-2011:1581", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { name: "FEDORA-2011-9374", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://redmine.ruby-lang.org/issues/4579", }, { name: "[oss-security] 20110711 CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { name: "49015", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/49015", }, { name: "FEDORA-2011-9359", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-2705", datePublished: "2011-08-05T21:00:00", dateReserved: "2011-07-11T00:00:00", dateUpdated: "2024-08-06T23:08:23.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16395
Vulnerability from cvelistv5
Published
2018-11-16 18:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:24:32.106Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", }, { name: "RHSA-2018:3738", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3738", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/387250", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { name: "DSA-4332", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { name: "USN-3808-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3808-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { name: "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { name: "1042105", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042105", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:1948", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1948", }, { name: "RHSA-2019:2565", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2565", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-10-17T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-15T19:15:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", }, { name: "RHSA-2018:3738", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3738", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/387250", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { name: "DSA-4332", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { name: "USN-3808-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3808-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { name: "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { name: "1042105", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042105", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:1948", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1948", }, { name: "RHSA-2019:2565", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2565", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-16395", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", }, { name: "RHSA-2018:3738", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3738", }, { name: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { name: "RHSA-2018:3729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "https://hackerone.com/reports/387250", refsource: "MISC", url: "https://hackerone.com/reports/387250", }, { name: "RHSA-2018:3730", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "RHSA-2018:3731", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { name: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { name: "DSA-4332", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4332", }, { name: "USN-3808-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3808-1/", }, { name: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { name: "https://security.netapp.com/advisory/ntap-20190221-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { name: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { name: "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { name: "1042105", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042105", }, { name: "openSUSE-SU-2019:1771", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:1948", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1948", }, { name: "RHSA-2019:2565", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2565", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16395", datePublished: "2018-11-16T18:00:00", dateReserved: "2018-09-03T00:00:00", dateUpdated: "2024-08-05T10:24:32.106Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3657
Vulnerability from cvelistv5
Published
2008-08-13 01:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:45:19.245Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31430", }, { name: "31697", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/651-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "oval:org.mitre.oval:def:9793", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "30644", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "ruby-dl-security-bypass(44372)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "1020652", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020652", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32256", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-08T00:00:00", descriptions: [ { lang: "en", value: "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31430", }, { name: "31697", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/651-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "oval:org.mitre.oval:def:9793", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "30644", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "ruby-dl-security-bypass(44372)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "1020652", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020652", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32256", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3657", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31430", refsource: "SECUNIA", url: "http://secunia.com/advisories/31430", }, { name: "31697", refsource: "SECUNIA", url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/651-1/", }, { name: "http://support.apple.com/kb/HT3549", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3549", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "oval:org.mitre.oval:def:9793", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793", }, { name: "35074", refsource: "SECUNIA", url: "http://secunia.com/advisories/35074", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "30644", refsource: "BID", url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", refsource: "SECUNIA", url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "ruby-dl-security-bypass(44372)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372", }, { name: "32255", refsource: "SECUNIA", url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", refsource: "SECUNIA", url: "http://secunia.com/advisories/32371", }, { name: "32165", refsource: "SECUNIA", url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "1020652", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020652", }, { name: "FEDORA-2008-8738", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", refsource: "SECUNIA", url: "http://secunia.com/advisories/32256", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3657", datePublished: "2008-08-13T01:00:00", dateReserved: "2008-08-12T00:00:00", dateUpdated: "2024-08-07T09:45:19.245Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-2686
Vulnerability from cvelistv5
Published
2011-08-05 21:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:08:23.714Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://redmine.ruby-lang.org/issues/show/4338", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713", }, { name: "FEDORA-2011-9374", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { name: "ruby-random-number-dos(69032)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69032", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { name: "[oss-security] 20110711 CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { name: "49015", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/49015", }, { name: "FEDORA-2011-9359", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-07-11T00:00:00", descriptions: [ { lang: "en", value: "Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://redmine.ruby-lang.org/issues/show/4338", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713", }, { name: "FEDORA-2011-9374", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { name: "ruby-random-number-dos(69032)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69032", }, { name: "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { name: "[oss-security] 20110711 CVE Request: ruby PRNG fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { name: "49015", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/49015", }, { name: "FEDORA-2011-9359", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-2686", datePublished: "2011-08-05T21:00:00", dateReserved: "2011-07-11T00:00:00", dateUpdated: "2024-08-06T23:08:23.714Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16255
Vulnerability from cvelistv5
Published
2019-11-26 00:00
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:10:41.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/327512", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-30T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/327512", }, { url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { url: "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16255", datePublished: "2019-11-26T00:00:00", dateReserved: "2019-09-11T00:00:00", dateUpdated: "2024-08-05T01:10:41.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-1904
Vulnerability from cvelistv5
Published
2009-06-11 21:00
Modified
2024-08-07 05:27
Severity ?
EPSS score ?
Summary
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:27:54.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2009-1563", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1563", }, { name: "35937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35937", }, { name: "35593", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35593", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://redmine.ruby-lang.org/issues/show/794", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/bugs/cve/2009-1904", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689", }, { name: "RHSA-2009:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "[pkgsrc-changes] 20090610 CVS commit: pkgsrc/lang/ruby18-base", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html", }, { name: "[rubyonrails-security] 20090610 DoS Vulnerability in Ruby (CVE-2009-1904)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source", }, { name: "1022371", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1022371", }, { name: "oval:org.mitre.oval:def:9780", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780", }, { name: "APPLE-SA-2010-03-29-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { name: "35399", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35399", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/", }, { name: "USN-805-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-805-1", }, { name: "FEDORA-2009-13066", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html", }, { name: "55031", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/55031", }, { name: "35278", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/35278", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=273213", }, { name: "37705", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37705", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT4077", }, { name: "35699", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35699", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/bugs/385436", }, { name: "GLSA-200906-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200906-02.xml", }, { name: "MDVSA-2009:160", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:160", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-forum.com/topic/189071", }, { name: "ruby-bigdecimal-dos(51032)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51032", }, { name: "35527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35527", }, { name: "SSA:2009-170-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-06-09T00:00:00", descriptions: [ { lang: "en", value: "The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2009-1563", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1563", }, { name: "35937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35937", }, { name: "35593", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35593", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://redmine.ruby-lang.org/issues/show/794", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/bugs/cve/2009-1904", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689", }, { name: "RHSA-2009:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "[pkgsrc-changes] 20090610 CVS commit: pkgsrc/lang/ruby18-base", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html", }, { name: "[rubyonrails-security] 20090610 DoS Vulnerability in Ruby (CVE-2009-1904)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source", }, { name: "1022371", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1022371", }, { name: "oval:org.mitre.oval:def:9780", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780", }, { name: "APPLE-SA-2010-03-29-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { name: "35399", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35399", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/", }, { name: "USN-805-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-805-1", }, { name: "FEDORA-2009-13066", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html", }, { name: "55031", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/55031", }, { name: "35278", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/35278", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=273213", }, { name: "37705", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37705", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT4077", }, { name: "35699", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35699", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/bugs/385436", }, { name: "GLSA-200906-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200906-02.xml", }, { name: "MDVSA-2009:160", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:160", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-forum.com/topic/189071", }, { name: "ruby-bigdecimal-dos(51032)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51032", }, { name: "35527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35527", }, { name: "SSA:2009-170-02", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-1904", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2009-1563", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1563", }, { name: "35937", refsource: "SECUNIA", url: "http://secunia.com/advisories/35937", }, { name: "35593", refsource: "SECUNIA", url: "http://secunia.com/advisories/35593", }, { name: "http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/", }, { name: "http://redmine.ruby-lang.org/issues/show/794", refsource: "CONFIRM", url: "http://redmine.ruby-lang.org/issues/show/794", }, { name: "https://bugs.launchpad.net/bugs/cve/2009-1904", refsource: "CONFIRM", url: "https://bugs.launchpad.net/bugs/cve/2009-1904", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689", }, { name: "RHSA-2009:1140", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "[pkgsrc-changes] 20090610 CVS commit: pkgsrc/lang/ruby18-base", refsource: "MLIST", url: "http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html", }, { name: "[rubyonrails-security] 20090610 DoS Vulnerability in Ruby (CVE-2009-1904)", refsource: "MLIST", url: "http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source", }, { name: "1022371", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022371", }, { name: "oval:org.mitre.oval:def:9780", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780", }, { name: "APPLE-SA-2010-03-29-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { name: "35399", refsource: "SECUNIA", url: "http://secunia.com/advisories/35399", }, { name: "http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master", refsource: "CONFIRM", url: "http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master", }, { name: "http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/", refsource: "CONFIRM", url: "http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/", }, { name: "USN-805-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-805-1", }, { name: "FEDORA-2009-13066", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html", }, { name: "55031", refsource: "OSVDB", url: "http://osvdb.org/55031", }, { name: "35278", refsource: "BID", url: "http://www.securityfocus.com/bid/35278", }, { name: "http://bugs.gentoo.org/show_bug.cgi?id=273213", refsource: "CONFIRM", url: "http://bugs.gentoo.org/show_bug.cgi?id=273213", }, { name: "37705", refsource: "SECUNIA", url: "http://secunia.com/advisories/37705", }, { name: "http://support.apple.com/kb/HT4077", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT4077", }, { name: "35699", refsource: "SECUNIA", url: "http://secunia.com/advisories/35699", }, { name: "https://bugs.launchpad.net/bugs/385436", refsource: "CONFIRM", url: "https://bugs.launchpad.net/bugs/385436", }, { name: "GLSA-200906-02", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200906-02.xml", }, { name: "MDVSA-2009:160", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:160", }, { name: "http://www.ruby-forum.com/topic/189071", refsource: "CONFIRM", url: "http://www.ruby-forum.com/topic/189071", }, { name: "ruby-bigdecimal-dos(51032)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51032", }, { name: "35527", refsource: "SECUNIA", url: "http://secunia.com/advisories/35527", }, { name: "SSA:2009-170-02", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-1904", datePublished: "2009-06-11T21:00:00", dateReserved: "2009-06-03T00:00:00", dateUpdated: "2024-08-07T05:27:54.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8778
Vulnerability from cvelistv5
Published
2018-04-03 22:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:26.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "103693", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103693", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-28T00:00:00", descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-06T16:06:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "103693", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103693", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8778", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "103693", refsource: "BID", url: "http://www.securityfocus.com/bid/103693", }, { name: "openSUSE-SU-2019:1771", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8778", datePublished: "2018-04-03T22:00:00", dateReserved: "2018-03-19T00:00:00", dateUpdated: "2024-08-05T07:02:26.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4815
Vulnerability from cvelistv5
Published
2011-12-30 01:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:16:35.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "47405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/47405", }, { name: "1026474", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1026474", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.nruns.com/_downloads/advisory28122011.pdf", }, { name: "47822", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/47822", }, { name: "RHSA-2012:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { name: "JVN#90615481", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN90615481/index.html", }, { name: "ruby-hash-dos(72020)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72020", }, { name: "VU#903934", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/903934", }, { name: "[ruby-talk] 20111228 [ANN] ruby 1.8.7 patchlevel 357 released", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", }, { name: "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html", }, { name: "RHSA-2012:0069", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0069.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT5281", }, { name: "APPLE-SA-2012-05-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { name: "JVNDB-2012-000066", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ocert.org/advisories/ocert-2011-003.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-12-28T00:00:00", descriptions: [ { lang: "en", value: "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "47405", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/47405", }, { name: "1026474", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1026474", }, { tags: [ "x_refsource_MISC", ], url: "http://www.nruns.com/_downloads/advisory28122011.pdf", }, { name: "47822", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/47822", }, { name: "RHSA-2012:0070", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { name: "JVN#90615481", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN90615481/index.html", }, { name: "ruby-hash-dos(72020)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72020", }, { name: "VU#903934", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/903934", }, { name: "[ruby-talk] 20111228 [ANN] ruby 1.8.7 patchlevel 357 released", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", }, { name: "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html", }, { name: "RHSA-2012:0069", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0069.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT5281", }, { name: "APPLE-SA-2012-05-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { name: "JVNDB-2012-000066", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ocert.org/advisories/ocert-2011-003.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-4815", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "47405", refsource: "SECUNIA", url: "http://secunia.com/advisories/47405", }, { name: "1026474", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1026474", }, { name: "http://www.nruns.com/_downloads/advisory28122011.pdf", refsource: "MISC", url: "http://www.nruns.com/_downloads/advisory28122011.pdf", }, { name: "47822", refsource: "SECUNIA", url: "http://secunia.com/advisories/47822", }, { name: "RHSA-2012:0070", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { name: "JVN#90615481", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN90615481/index.html", }, { name: "ruby-hash-dos(72020)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72020", }, { name: "VU#903934", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/903934", }, { name: "[ruby-talk] 20111228 [ANN] ruby 1.8.7 patchlevel 357 released", refsource: "MLIST", url: "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606", }, { name: "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", }, { name: "20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html", }, { name: "RHSA-2012:0069", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0069.html", }, { name: "http://support.apple.com/kb/HT5281", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT5281", }, { name: "APPLE-SA-2012-05-09-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { name: "JVNDB-2012-000066", refsource: "JVNDB", url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html", }, { name: "http://www.ocert.org/advisories/ocert-2011-003.html", refsource: "MISC", url: "http://www.ocert.org/advisories/ocert-2011-003.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-4815", datePublished: "2011-12-30T01:00:00", dateReserved: "2011-12-14T00:00:00", dateUpdated: "2024-08-07T00:16:35.050Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4073
Vulnerability from cvelistv5
Published
2013-08-18 01:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:49.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-2738", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2738", }, { name: "USN-1902-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1902-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21", }, { name: "RHSA-2013:1090", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1090.html", }, { name: "RHSA-2013:1103", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1103.html", }, { name: "APPLE-SA-2013-10-22-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6150", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2013-4073", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=979251", }, { name: "openSUSE-SU-2013:1181", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html", }, { name: "RHSA-2013:1137", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1137.html", }, { name: "openSUSE-SU-2013:1186", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html", }, { name: "DSA-2809", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2809", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-06-27T00:00:00", descriptions: [ { lang: "en", value: "The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-2738", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2738", }, { name: "USN-1902-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1902-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21", }, { name: "RHSA-2013:1090", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1090.html", }, { name: "RHSA-2013:1103", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1103.html", }, { name: "APPLE-SA-2013-10-22-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6150", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2013-4073", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=979251", }, { name: "openSUSE-SU-2013:1181", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html", }, { name: "RHSA-2013:1137", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1137.html", }, { name: "openSUSE-SU-2013:1186", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html", }, { name: "DSA-2809", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2809", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4073", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-2738", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2738", }, { name: "USN-1902-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1902-1", }, { name: "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!", refsource: "CONFIRM", url: "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel!", }, { name: "RHSA-2013:1090", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1090.html", }, { name: "RHSA-2013:1103", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1103.html", }, { name: "APPLE-SA-2013-10-22-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", }, { name: "http://support.apple.com/kb/HT6150", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6150", }, { name: "https://puppet.com/security/cve/cve-2013-4073", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2013-4073", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=979251", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=979251", }, { name: "openSUSE-SU-2013:1181", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html", }, { name: "RHSA-2013:1137", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1137.html", }, { name: "openSUSE-SU-2013:1186", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html", }, { name: "DSA-2809", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2809", }, { name: "http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4073", datePublished: "2013-08-18T01:00:00", dateReserved: "2013-06-09T00:00:00", dateUpdated: "2024-08-06T16:30:49.912Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-5647
Vulnerability from cvelistv5
Published
2013-08-29 10:00
Modified
2024-09-16 23:31
Severity ?
EPSS score ?
Summary
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:15:21.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-08-29T10:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-5647", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html", refsource: "MISC", url: "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-5647", datePublished: "2013-08-29T10:00:00Z", dateReserved: "2013-08-28T00:00:00Z", dateUpdated: "2024-09-16T23:31:53.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-2734
Vulnerability from cvelistv5
Published
2014-04-24 23:00
Modified
2024-08-06 10:21
Severity ?
EPSS score ?
Summary
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html | x_refsource_MISC | |
| http://www.osvdb.org/106006 | vdb-entry, x_refsource_OSVDB | |
| https://news.ycombinator.com/item?id=7601973 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/66956 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2014/May/13 | mailing-list, x_refsource_FULLDISC | |
| https://gist.github.com/10446549 | x_refsource_MISC | |
| https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/ | x_refsource_MISC | |
| https://gist.github.com/emboss/91696b56cd227c8a0c13 | x_refsource_MISC | |
| https://github.com/adrienthebo/cve-2014-2734/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2014/Apr/231 | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:21:36.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", }, { name: "106006", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/106006", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://news.ycombinator.com/item?id=7601973", }, { name: "66956", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/66956", }, { name: "20140502 Re: Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2014/May/13", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/10446549", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/emboss/91696b56cd227c8a0c13", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/adrienthebo/cve-2014-2734/", }, { name: "20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2014/Apr/231", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-04-16T00:00:00", descriptions: [ { lang: "en", value: "The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-11-15T19:57:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", }, { name: "106006", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/106006", }, { tags: [ "x_refsource_MISC", ], url: "https://news.ycombinator.com/item?id=7601973", }, { name: "66956", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/66956", }, { name: "20140502 Re: Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2014/May/13", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/10446549", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/emboss/91696b56cd227c8a0c13", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/adrienthebo/cve-2014-2734/", }, { name: "20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2014/Apr/231", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-2734", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", }, { name: "106006", refsource: "OSVDB", url: "http://www.osvdb.org/106006", }, { name: "https://news.ycombinator.com/item?id=7601973", refsource: "MISC", url: "https://news.ycombinator.com/item?id=7601973", }, { name: "66956", refsource: "BID", url: "http://www.securityfocus.com/bid/66956", }, { name: "20140502 Re: Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/May/13", }, { name: "https://gist.github.com/10446549", refsource: "MISC", url: "https://gist.github.com/10446549", }, { name: "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", refsource: "MISC", url: "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", }, { name: "https://gist.github.com/emboss/91696b56cd227c8a0c13", refsource: "MISC", url: "https://gist.github.com/emboss/91696b56cd227c8a0c13", }, { name: "https://github.com/adrienthebo/cve-2014-2734/", refsource: "MISC", url: "https://github.com/adrienthebo/cve-2014-2734/", }, { name: "20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Apr/231", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-2734", datePublished: "2014-04-24T23:00:00", dateReserved: "2014-04-08T00:00:00", dateUpdated: "2024-08-06T10:21:36.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31799
Vulnerability from cvelistv5
Published
2021-07-29 00:00
Modified
2024-10-15 20:28
Severity ?
EPSS score ?
Summary
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:29.996Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-31799", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { name: "GLSA-202401-05", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-05", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-31799", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:16:06.341905Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T20:28:31.276Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-05T14:06:20.190720", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/", }, { url: "https://security-tracker.debian.org/tracker/CVE-2021-31799", }, { url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { name: "GLSA-202401-05", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-05", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31799", datePublished: "2021-07-29T00:00:00", dateReserved: "2021-04-25T00:00:00", dateUpdated: "2024-10-15T20:28:31.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10784
Vulnerability from cvelistv5
Published
2017-09-19 17:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:50:11.932Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3685-1/", }, { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "USN-3528-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3528-1/", }, { name: "100853", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100853", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "DSA-4031", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-4031", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-14T00:00:00", descriptions: [ { lang: "en", value: "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-31T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3685-1/", }, { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "USN-3528-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3528-1/", }, { name: "100853", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100853", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "DSA-4031", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-4031", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10784", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3685-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3685-1/", }, { name: "RHSA-2018:0585", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "USN-3528-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3528-1/", }, { name: "100853", refsource: "BID", url: "http://www.securityfocus.com/bid/100853", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "DSA-4031", refsource: "DEBIAN", url: "https://www.debian.org/security/2017/dsa-4031", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", }, { name: "GLSA-201710-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-18", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10784", datePublished: "2017-09-19T17:00:00", dateReserved: "2017-07-01T00:00:00", dateUpdated: "2024-08-05T17:50:11.932Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2339
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/91234 | vdb-entry, x_refsource_BID | |
| http://www.talosintelligence.com/reports/TALOS-2016-0034/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:48.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "91234", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91234", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0034/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Ruby", vendor: "Ruby", versions: [ { status: "affected", version: "2.3.0 dev", }, { status: "affected", version: "2.2.2", }, ], }, ], datePublic: "2016-06-14T00:00:00", descriptions: [ { lang: "en", value: "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.", }, ], problemTypes: [ { descriptions: [ { description: "heap overflow vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-14T09:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "91234", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91234", }, { tags: [ "x_refsource_MISC", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0034/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2016-2339", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Ruby", version: { version_data: [ { version_value: "2.3.0 dev", }, { version_value: "2.2.2", }, ], }, }, ], }, vendor_name: "Ruby", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "heap overflow vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "91234", refsource: "BID", url: "http://www.securityfocus.com/bid/91234", }, { name: "http://www.talosintelligence.com/reports/TALOS-2016-0034/", refsource: "MISC", url: "http://www.talosintelligence.com/reports/TALOS-2016-0034/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2016-2339", datePublished: "2017-01-06T21:00:00", dateReserved: "2016-02-12T00:00:00", dateUpdated: "2024-08-05T23:24:48.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28739
Vulnerability from cvelistv5
Published
2022-05-09 00:00
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1248108", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-28739", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213488", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213494", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213493", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "20221030 APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/30", }, { name: "20221030 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/29", }, { name: "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:24.719Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1248108", }, { url: "https://security-tracker.debian.org/tracker/CVE-2022-28739", }, { url: "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", }, { url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { url: "https://support.apple.com/kb/HT213488", }, { url: "https://support.apple.com/kb/HT213494", }, { url: "https://support.apple.com/kb/HT213493", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "20221030 APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/30", }, { name: "20221030 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/29", }, { name: "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28739", datePublished: "2022-05-09T00:00:00.000Z", dateReserved: "2022-04-06T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:37.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2662
Vulnerability from cvelistv5
Published
2008-06-24 19:00
Modified
2024-08-07 09:05
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:05:30.275Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT2163", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "oval:org.mitre.oval:def:11601", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { name: "ruby-rbstrbufappend-code-execution(43345)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT2163", }, { tags: [ "x_refsource_MISC", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "oval:org.mitre.oval:def:11601", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { name: "ruby-rbstrbufappend-code-execution(43345)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31181", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-2662", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SR:2008:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "http://support.apple.com/kb/HT2163", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT2163", }, { name: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", refsource: "MISC", url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", refsource: "SECUNIA", url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", refsource: "SECUNIA", url: "http://secunia.com/advisories/31687", }, { name: "30894", refsource: "SECUNIA", url: "http://secunia.com/advisories/30894", }, { name: "31062", refsource: "SECUNIA", url: "http://secunia.com/advisories/31062", }, { name: "31256", refsource: "SECUNIA", url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { name: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", refsource: "MISC", url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020347", }, { name: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", refsource: "MISC", url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "oval:org.mitre.oval:def:11601", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601", }, { name: "FEDORA-2008-5649", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", refsource: "SECUNIA", url: "http://secunia.com/advisories/30802", }, { name: "30831", refsource: "SECUNIA", url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { name: "ruby-rbstrbufappend-code-execution(43345)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345", }, { name: "https://issues.rpath.com/browse/RPL-2626", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "29903", refsource: "BID", url: "http://www.securityfocus.com/bid/29903", }, { name: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", refsource: "MISC", url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", refsource: "SECUNIA", url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { name: "http://www.ruby-forum.com/topic/157034", refsource: "MISC", url: "http://www.ruby-forum.com/topic/157034", }, { name: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", refsource: "MISC", url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", refsource: "SECUNIA", url: "http://secunia.com/advisories/31181", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-2662", datePublished: "2008-06-24T19:00:00", dateReserved: "2008-06-10T00:00:00", dateUpdated: "2024-08-07T09:05:30.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-4492
Vulnerability from cvelistv5
Published
2010-01-13 20:00
Modified
2024-08-07 07:01
Severity ?
EPSS score ?
Summary
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2011-0909.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/37949 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2010/0089 | vdb-entry, x_refsource_VUPEN | |
| http://www.redhat.com/support/errata/RHSA-2011-0908.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.ush.it/team/ush/hack_httpd_escape/adv.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/37710 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/508830/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1023429 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T07:01:20.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { name: "37949", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37949", }, { name: "ADV-2010-0089", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/0089", }, { name: "RHSA-2011:0908", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", }, { name: "37710", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/37710", }, { name: "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/508830/100/0/threaded", }, { name: "1023429", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1023429", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-01-10T00:00:00", descriptions: [ { lang: "en", value: "WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-10T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { name: "37949", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37949", }, { name: "ADV-2010-0089", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0089", }, { name: "RHSA-2011:0908", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", }, { name: "37710", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/37710", }, { name: "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/508830/100/0/threaded", }, { name: "1023429", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1023429", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-4492", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection", }, { name: "RHSA-2011:0909", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { name: "37949", refsource: "SECUNIA", url: "http://secunia.com/advisories/37949", }, { name: "ADV-2010-0089", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0089", }, { name: "RHSA-2011:0908", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { name: "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", refsource: "MISC", url: "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", }, { name: "37710", refsource: "BID", url: "http://www.securityfocus.com/bid/37710", }, { name: "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/508830/100/0/threaded", }, { name: "1023429", refsource: "SECTRACK", url: "http://securitytracker.com/id?1023429", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-4492", datePublished: "2010-01-13T20:00:00", dateReserved: "2009-12-30T00:00:00", dateUpdated: "2024-08-07T07:01:20.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-1005
Vulnerability from cvelistv5
Published
2011-03-02 19:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:14:26.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2011:0910", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { name: "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { name: "MDVSA-2011:098", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { name: "ADV-2011-0539", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2011/0539", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678920", }, { name: "43573", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43573", }, { name: "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { name: "RHSA-2011:0908", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { name: "70957", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/70957", }, { name: "FEDORA-2011-1876", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { name: "FEDORA-2011-1913", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { name: "46458", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/46458", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT5281", }, { name: "MDVSA-2011:097", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { name: "APPLE-SA-2012-05-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { name: "43420", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43420", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-02-18T00:00:00", descriptions: [ { lang: "en", value: "The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-03-10T10:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2011:0910", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { name: "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { name: "MDVSA-2011:098", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { name: "ADV-2011-0539", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2011/0539", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678920", }, { name: "43573", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43573", }, { name: "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { name: "RHSA-2011:0908", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { name: "70957", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/70957", }, { name: "FEDORA-2011-1876", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { name: "FEDORA-2011-1913", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { name: "46458", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/46458", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT5281", }, { name: "MDVSA-2011:097", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { name: "APPLE-SA-2012-05-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { name: "43420", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43420", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-1005", datePublished: "2011-03-02T19:00:00", dateReserved: "2011-02-14T00:00:00", dateUpdated: "2024-08-06T22:14:26.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28966
Vulnerability from cvelistv5
Published
2021-07-27 16:01
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1131465 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0004/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:55:12.239Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1131465", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-02T08:06:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1131465", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-28966", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1131465", refsource: "MISC", url: "https://hackerone.com/reports/1131465", }, { name: "https://security.netapp.com/advisory/ntap-20210902-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28966", datePublished: "2021-07-27T16:01:12", dateReserved: "2021-03-22T00:00:00", dateUpdated: "2024-08-03T21:55:12.239Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27220
Vulnerability from cvelistv5
Published
2025-03-03 00:00
Modified
2025-03-04 16:40
Severity ?
EPSS score ?
Summary
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27220", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-04T16:39:36.614961Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-04T16:40:22.900Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CGI", vendor: "ruby-lang", versions: [ { lessThan: "0.3.5.1", status: "affected", version: "0", versionType: "custom", }, { lessThan: "0.3.7", status: "affected", version: "0.3.6", versionType: "custom", }, { lessThan: "0.4.2", status: "affected", version: "0.4.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.3.7", versionStartIncluding: "0.3.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.4.2", versionStartIncluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.", }, ], metrics: [ { cvssV3_1: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333 Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T23:46:21.977Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/2890322", }, { url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml", }, ], x_generator: { engine: "enrichogram 0.0.1", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2025-27220", datePublished: "2025-03-03T00:00:00.000Z", dateReserved: "2025-02-20T00:00:00.000Z", dateUpdated: "2025-03-04T16:40:22.900Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4363
Vulnerability from cvelistv5
Published
2013-10-17 23:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
References
| ▼ | URL | Tags |
|---|---|---|
| https://puppet.com/security/cve/cve-2013-4363 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/09/18/8 | mailing-list, x_refsource_MLIST | |
| http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/09/14/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2013/09/20/1 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:38:01.886Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2013-4363", }, { name: "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", }, { name: "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/09/14/3", }, { name: "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/09/20/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-15T00:00:00", descriptions: [ { lang: "en", value: "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-08T10:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2013-4363", }, { name: "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", }, { name: "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/09/14/3", }, { name: "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/09/20/1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4363", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://puppet.com/security/cve/cve-2013-4363", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2013-4363", }, { name: "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/09/18/8", }, { name: "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", refsource: "CONFIRM", url: "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", }, { name: "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/09/14/3", }, { name: "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/09/20/1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4363", datePublished: "2013-10-17T23:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:38:01.886Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3790
Vulnerability from cvelistv5
Published
2008-08-27 20:00
Modified
2024-08-07 09:52
Severity ?
EPSS score ?
Summary
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:52:59.694Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "33185", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33185", }, { name: "oval:org.mitre.oval:def:10393", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", }, { name: "1020735", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020735", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "ADV-2008-2428", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2428", }, { name: "ruby-rexml-dos(44628)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35074", }, { name: "[oss-security] 20080826 Re: CVE Request (ruby)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/08/26/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", }, { name: "[oss-security] 20080825 CVE Request (ruby)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/08/25/4", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "30802", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30802", }, { name: "USN-691-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/691-1/", }, { name: "[oss-security] 20080826 Re: CVE Request (ruby)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/08/26/1", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32256", }, { name: "31602", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31602", }, { name: "ADV-2008-2483", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2483", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-23T00:00:00", descriptions: [ { lang: "en", value: "The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an \"XML entity explosion.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-03T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "33185", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33185", }, { name: "oval:org.mitre.oval:def:10393", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", }, { name: "1020735", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020735", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "ADV-2008-2428", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2428", }, { name: "ruby-rexml-dos(44628)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35074", }, { name: "[oss-security] 20080826 Re: CVE Request (ruby)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/08/26/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_MISC", ], url: "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", }, { name: "[oss-security] 20080825 CVE Request (ruby)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/08/25/4", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "30802", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30802", }, { name: "USN-691-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/691-1/", }, { name: "[oss-security] 20080826 Re: CVE Request (ruby)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/08/26/1", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32256", }, { name: "31602", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31602", }, { name: "ADV-2008-2483", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2483", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3790", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an \"XML entity explosion.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-651-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/651-1/", }, { name: "33185", refsource: "SECUNIA", url: "http://secunia.com/advisories/33185", }, { name: "oval:org.mitre.oval:def:10393", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393", }, { name: "http://support.apple.com/kb/HT3549", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3549", }, { name: "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", refsource: "CONFIRM", url: "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", }, { name: "1020735", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020735", }, { name: "DSA-1652", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "ADV-2008-2428", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2428", }, { name: "ruby-rexml-dos(44628)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628", }, { name: "35074", refsource: "SECUNIA", url: "http://secunia.com/advisories/35074", }, { name: "[oss-security] 20080826 Re: CVE Request (ruby)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/08/26/4", }, { name: "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", refsource: "CONFIRM", url: "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", }, { name: "RHSA-2008:0897", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", refsource: "MISC", url: "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", }, { name: "[oss-security] 20080825 CVE Request (ruby)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/08/25/4", }, { name: "32219", refsource: "SECUNIA", url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", refsource: "SECUNIA", url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "30802", refsource: "BID", url: "http://www.securityfocus.com/bid/30802", }, { name: "USN-691-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/691-1/", }, { name: "[oss-security] 20080826 Re: CVE Request (ruby)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/08/26/1", }, { name: "32371", refsource: "SECUNIA", url: "http://secunia.com/advisories/32371", }, { name: "32165", refsource: "SECUNIA", url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "FEDORA-2008-8738", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "32256", refsource: "SECUNIA", url: "http://secunia.com/advisories/32256", }, { name: "31602", refsource: "SECUNIA", url: "http://secunia.com/advisories/31602", }, { name: "ADV-2008-2483", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2483", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3790", datePublished: "2008-08-27T20:00:00", dateReserved: "2008-08-26T00:00:00", dateUpdated: "2024-08-07T09:52:59.694Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4466
Vulnerability from cvelistv5
Published
2013-04-25 23:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/02/4 | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.openwall.com/lists/oss-security/2012/10/03/9 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=862614 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/ | x_refsource_CONFIRM | |
| http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 | x_refsource_MISC | |
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:35:09.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { name: "MDVSA-2013:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862614", }, { name: "FEDORA-2012-15376", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { name: "FEDORA-2012-15395", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-02T00:00:00", descriptions: [ { lang: "en", value: "Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-02-06T14:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { name: "MDVSA-2013:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=862614", }, { name: "FEDORA-2012-15376", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { name: "FEDORA-2012-15395", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { tags: [ "x_refsource_MISC", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-4466", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20121002 CVE Request: Ruby safe level bypasses", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { name: "MDVSA-2013:124", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "[oss-security] 20121003 Re: CVE Request: Ruby safe level bypasses", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=862614", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=862614", }, { name: "FEDORA-2012-15376", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { name: "FEDORA-2012-15395", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { name: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", refsource: "MISC", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, { name: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", refsource: "CONFIRM", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4466", datePublished: "2013-04-25T23:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:35:09.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3656
Vulnerability from cvelistv5
Published
2008-08-13 01:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:45:18.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:9682", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682", }, { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31430", }, { name: "31697", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "ruby-webrick-dos(44371)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44371", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "30644", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32219", }, { name: "1020654", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020654", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32256", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-08T00:00:00", descriptions: [ { lang: "en", value: "Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "oval:org.mitre.oval:def:9682", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682", }, { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31430", }, { name: "31697", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "ruby-webrick-dos(44371)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44371", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "30644", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32219", }, { name: "1020654", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020654", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32256", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3656", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:9682", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682", }, { name: "31430", refsource: "SECUNIA", url: "http://secunia.com/advisories/31430", }, { name: "31697", refsource: "SECUNIA", url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/651-1/", }, { name: "ruby-webrick-dos(44371)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44371", }, { name: "http://support.apple.com/kb/HT3549", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3549", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "35074", refsource: "SECUNIA", url: "http://secunia.com/advisories/35074", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "APPLE-SA-2009-05-12", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "30644", refsource: "BID", url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", refsource: "SECUNIA", url: "http://secunia.com/advisories/32219", }, { name: "1020654", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020654", }, { name: "TA09-133A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", refsource: "SECUNIA", url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", refsource: "SECUNIA", url: "http://secunia.com/advisories/32371", }, { name: "32165", refsource: "SECUNIA", url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "FEDORA-2008-8738", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", refsource: "SECUNIA", url: "http://secunia.com/advisories/32256", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3656", datePublished: "2008-08-13T01:00:00", dateReserved: "2008-08-12T00:00:00", dateUpdated: "2024-08-07T09:45:18.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4522
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 20:42
Severity ?
EPSS score ?
Summary
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html | vendor-advisory, x_refsource_FEDORA | |
| http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163 | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2012/10/13/1 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2013-0129.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2012/10/16/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/10/12/6 | mailing-list, x_refsource_MLIST | |
| http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:42:53.662Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2012-16071", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163", }, { name: "FEDORA-2012-16086", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html", }, { name: "[oss-security] 20121013 Re: CVE request: ruby file creation due in insertion of illegal NUL character", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/13/1", }, { name: "RHSA-2013:0129", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { name: "[oss-security] 20121016 Re: CVE request: ruby file creation due in insertion of illegal NUL character", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/16/1", }, { name: "[oss-security] 20121012 CVE request: ruby file creation due in insertion of illegal NUL character", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/12/6", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-12T00:00:00", descriptions: [ { lang: "en", value: "The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-04-11T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2012-16071", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html", }, { tags: [ "x_refsource_MISC", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163", }, { name: "FEDORA-2012-16086", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html", }, { name: "[oss-security] 20121013 Re: CVE request: ruby file creation due in insertion of illegal NUL character", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/13/1", }, { name: "RHSA-2013:0129", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { name: "[oss-security] 20121016 Re: CVE request: ruby file creation due in insertion of illegal NUL character", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/16/1", }, { name: "[oss-security] 20121012 CVE request: ruby file creation due in insertion of illegal NUL character", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/12/6", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-4522", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2012-16071", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163", refsource: "MISC", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163", }, { name: "FEDORA-2012-16086", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html", }, { name: "[oss-security] 20121013 Re: CVE request: ruby file creation due in insertion of illegal NUL character", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/10/13/1", }, { name: "RHSA-2013:0129", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { name: "[oss-security] 20121016 Re: CVE request: ruby file creation due in insertion of illegal NUL character", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/10/16/1", }, { name: "[oss-security] 20121012 CVE request: ruby file creation due in insertion of illegal NUL character", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/10/12/6", }, { name: "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4522", datePublished: "2012-11-24T20:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:42:53.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9229
Vulnerability from cvelistv5
Published
2017-05-24 15:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1296 | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/kkos/oniguruma/issues/59 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:02:44.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d", }, { name: "RHSA-2018:1296", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1296", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kkos/oniguruma/issues/59", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-24T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-03T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d", }, { name: "RHSA-2018:1296", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1296", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kkos/oniguruma/issues/59", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9229", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d", refsource: "CONFIRM", url: "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d", }, { name: "RHSA-2018:1296", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1296", }, { name: "https://github.com/kkos/oniguruma/issues/59", refsource: "CONFIRM", url: "https://github.com/kkos/oniguruma/issues/59", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9229", datePublished: "2017-05-24T15:00:00", dateReserved: "2017-05-24T00:00:00", dateUpdated: "2024-08-05T17:02:44.157Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1145
Vulnerability from cvelistv5
Published
2008-03-04 23:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:08:57.740Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT2163", }, { name: "29357", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29357", }, { name: "20080325 rPSA-2008-0123-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/490056/100/0/threaded", }, { name: "VU#404515", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/404515", }, { name: "28123", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28123", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "20080306 [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489205/100/0/threaded", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "5215", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/5215", }, { name: "29232", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29232", }, { name: "ruby-webrick-directory-traversal(41010)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41010", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31687", }, { name: "20080306 Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489218/100/0/threaded", }, { name: "FEDORA-2008-2458", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/", }, { name: "ADV-2008-0787", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0787", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30802", }, { name: "oval:org.mitre.oval:def:10937", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937", }, { name: "1019562", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1019562", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-2338", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32371", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "29536", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29536", }, { name: "FEDORA-2008-2443", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/Advisories:rPSA-2008-0123", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-03T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) \"..%5c\" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT2163", }, { name: "29357", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29357", }, { name: "20080325 rPSA-2008-0123-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/490056/100/0/threaded", }, { name: "VU#404515", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/404515", }, { name: "28123", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28123", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "20080306 [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489205/100/0/threaded", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "5215", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/5215", }, { name: "29232", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29232", }, { name: "ruby-webrick-directory-traversal(41010)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41010", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31687", }, { name: "20080306 Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489218/100/0/threaded", }, { name: "FEDORA-2008-2458", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/", }, { name: "ADV-2008-0787", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0787", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30802", }, { name: "oval:org.mitre.oval:def:10937", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937", }, { name: "1019562", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1019562", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-2338", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32371", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "29536", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29536", }, { name: "FEDORA-2008-2443", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/Advisories:rPSA-2008-0123", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-1145", datePublished: "2008-03-04T23:00:00", dateReserved: "2008-03-04T00:00:00", dateUpdated: "2024-08-07T08:08:57.740Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15845
Vulnerability from cvelistv5
Published
2019-11-26 16:45
Modified
2024-08-05 01:03
Severity ?
EPSS score ?
Summary
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/449617 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4201-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://seclists.org/bugtraq/2019/Dec/31 | mailing-list, x_refsource_BUGTRAQ | |
| https://seclists.org/bugtraq/2019/Dec/32 | mailing-list, x_refsource_BUGTRAQ | |
| https://www.debian.org/security/2019/dsa-4587 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202003-06 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:03:32.086Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/449617", }, { name: "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { name: "USN-4201-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4201-1/", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-29T00:06:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/449617", }, { name: "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { name: "USN-4201-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4201-1/", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15845", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/449617", refsource: "MISC", url: "https://hackerone.com/reports/449617", }, { name: "[debian-lts-announce] 20191125 [SECURITY] [DLA 2007-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { name: "USN-4201-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4201-1/", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4587", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15845", datePublished: "2019-11-26T16:45:08", dateReserved: "2019-08-30T00:00:00", dateUpdated: "2024-08-05T01:03:32.086Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33621
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:21.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, { name: "FEDORA-2022-ef96a58bbe", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { name: "FEDORA-2022-f0f6c6bec2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { name: "FEDORA-2022-b9b710f199", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { name: "[debian-lts-announce] 20230609 [SECURITY] [DLA 3450-1] ruby2.5 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:28.299372", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, { name: "FEDORA-2022-ef96a58bbe", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { name: "FEDORA-2022-f0f6c6bec2", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { name: "FEDORA-2022-b9b710f199", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { name: "[debian-lts-announce] 20230609 [SECURITY] [DLA 3450-1] ruby2.5 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33621", datePublished: "2022-11-18T00:00:00", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:21.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3655
Vulnerability from cvelistv5
Published
2008-08-13 01:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:45:18.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31430", }, { name: "1020656", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020656", }, { name: "31697", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/651-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "oval:org.mitre.oval:def:11602", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "ruby-safelevel-security-bypass(44369)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "RHSA-2008:0895", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { name: "30644", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "32372", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32372", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32256", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-08T00:00:00", descriptions: [ { lang: "en", value: "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31430", }, { name: "1020656", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020656", }, { name: "31697", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/651-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3549", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "oval:org.mitre.oval:def:11602", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "ruby-safelevel-security-bypass(44369)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "RHSA-2008:0895", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { name: "30644", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "32372", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32372", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32256", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3655", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31430", refsource: "SECUNIA", url: "http://secunia.com/advisories/31430", }, { name: "1020656", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020656", }, { name: "31697", refsource: "SECUNIA", url: "http://secunia.com/advisories/31697", }, { name: "USN-651-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/651-1/", }, { name: "http://support.apple.com/kb/HT3549", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3549", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { name: "DSA-1652", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "oval:org.mitre.oval:def:11602", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602", }, { name: "35074", refsource: "SECUNIA", url: "http://secunia.com/advisories/35074", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "ruby-safelevel-security-bypass(44369)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369", }, { name: "APPLE-SA-2009-05-12", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "RHSA-2008:0895", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { name: "30644", refsource: "BID", url: "http://www.securityfocus.com/bid/30644", }, { name: "RHSA-2008:0897", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", refsource: "SECUNIA", url: "http://secunia.com/advisories/32219", }, { name: "TA09-133A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "32255", refsource: "SECUNIA", url: "http://secunia.com/advisories/32255", }, { name: "ADV-2009-1297", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "20080831 rPSA-2008-0264-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { name: "32371", refsource: "SECUNIA", url: "http://secunia.com/advisories/32371", }, { name: "32165", refsource: "SECUNIA", url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "32372", refsource: "SECUNIA", url: "http://secunia.com/advisories/32372", }, { name: "FEDORA-2008-8738", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { name: "32256", refsource: "SECUNIA", url: "http://secunia.com/advisories/32256", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3655", datePublished: "2008-08-13T01:00:00", dateReserved: "2008-08-12T00:00:00", dateUpdated: "2024-08-07T09:45:18.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2338
Vulnerability from cvelistv5
Published
2020-02-14 00:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:48.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200325 [SECURITY] [DLA 2158-1] ruby2.1 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html", }, { tags: [ "x_transferred", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0032/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221228-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-14T00:00:00", descriptions: [ { lang: "en", value: "An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer \"head\" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-28T00:00:00", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "[debian-lts-announce] 20200325 [SECURITY] [DLA 2158-1] ruby2.1 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html", }, { url: "http://www.talosintelligence.com/reports/TALOS-2016-0032/", }, { url: "https://security.netapp.com/advisory/ntap-20221228-0005/", }, ], }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2016-2338", datePublished: "2020-02-14T00:00:00", dateReserved: "2016-02-12T00:00:00", dateUpdated: "2024-08-05T23:24:48.961Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2663
Vulnerability from cvelistv5
Published
2008-06-24 19:00
Modified
2024-08-07 09:05
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:05:30.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "ruby-rbarystore-code-execution(43346)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43346", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "oval:org.mitre.oval:def:10524", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "ruby-rbarystore-code-execution(43346)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43346", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "oval:org.mitre.oval:def:10524", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31181", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-2663", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SR:2008:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "ruby-rbarystore-code-execution(43346)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43346", }, { name: "http://support.apple.com/kb/HT2163", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT2163", }, { name: "31090", refsource: "SECUNIA", url: "http://secunia.com/advisories/31090", }, { name: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", refsource: "MISC", url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", refsource: "SECUNIA", url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", refsource: "SECUNIA", url: "http://secunia.com/advisories/31687", }, { name: "30894", refsource: "SECUNIA", url: "http://secunia.com/advisories/30894", }, { name: "31062", refsource: "SECUNIA", url: "http://secunia.com/advisories/31062", }, { name: "31256", refsource: "SECUNIA", url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { name: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", refsource: "MISC", url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "oval:org.mitre.oval:def:10524", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524", }, { name: "SSA:2008-179-01", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020347", }, { name: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", refsource: "MISC", url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "FEDORA-2008-5649", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", refsource: "SECUNIA", url: "http://secunia.com/advisories/30802", }, { name: "30831", refsource: "SECUNIA", url: "http://secunia.com/advisories/30831", }, { name: "RHSA-2008:0561", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { name: "https://issues.rpath.com/browse/RPL-2626", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "29903", refsource: "BID", url: "http://www.securityfocus.com/bid/29903", }, { name: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", refsource: "MISC", url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", refsource: "SECUNIA", url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { name: "http://www.ruby-forum.com/topic/157034", refsource: "MISC", url: "http://www.ruby-forum.com/topic/157034", }, { name: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", refsource: "MISC", url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", refsource: "SECUNIA", url: "http://secunia.com/advisories/31181", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-2663", datePublished: "2008-06-24T19:00:00", dateReserved: "2008-06-10T00:00:00", dateUpdated: "2024-08-07T09:05:30.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-8090
Vulnerability from cvelistv5
Published
2014-11-21 15:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:10:50.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2014:1589", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { name: "59948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59948", }, { name: "RHSA-2014:1912", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "DSA-3159", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3159", }, { name: "62050", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62050", }, { name: "APPLE-SA-2015-09-30-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT205267", }, { name: "RHSA-2014:1911", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { name: "DSA-3157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/", }, { name: "USN-2412-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2412-1", }, { name: "62748", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62748", }, { name: "MDVSA-2015:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { name: "71230", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/71230", }, { name: "openSUSE-SU-2015:0007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { name: "RHSA-2014:1914", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "openSUSE-SU-2015:0002", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-20T00:00:00", descriptions: [ { lang: "en", value: "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-30T16:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "openSUSE-SU-2014:1589", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { name: "59948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59948", }, { name: "RHSA-2014:1912", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "DSA-3159", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3159", }, { name: "62050", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62050", }, { name: "APPLE-SA-2015-09-30-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT205267", }, { name: "RHSA-2014:1911", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { name: "DSA-3157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/", }, { name: "USN-2412-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2412-1", }, { name: "62748", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62748", }, { name: "MDVSA-2015:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { name: "71230", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/71230", }, { name: "openSUSE-SU-2015:0007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { name: "RHSA-2014:1914", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "openSUSE-SU-2015:0002", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-8090", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2014:1589", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { name: "59948", refsource: "SECUNIA", url: "http://secunia.com/advisories/59948", }, { name: "RHSA-2014:1912", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "DSA-3159", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3159", }, { name: "62050", refsource: "SECUNIA", url: "http://secunia.com/advisories/62050", }, { name: "APPLE-SA-2015-09-30-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { name: "https://support.apple.com/HT205267", refsource: "CONFIRM", url: "https://support.apple.com/HT205267", }, { name: "RHSA-2014:1911", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { name: "DSA-3157", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3157", }, { name: "http://advisories.mageia.org/MGASA-2014-0472.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { name: "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/", }, { name: "USN-2412-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2412-1", }, { name: "62748", refsource: "SECUNIA", url: "http://secunia.com/advisories/62748", }, { name: "MDVSA-2015:129", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { name: "71230", refsource: "BID", url: "http://www.securityfocus.com/bid/71230", }, { name: "openSUSE-SU-2015:0007", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { name: "RHSA-2014:1914", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "openSUSE-SU-2015:0002", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-8090", datePublished: "2014-11-21T15:00:00", dateReserved: "2014-10-10T00:00:00", dateUpdated: "2024-08-06T13:10:50.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16396
Vulnerability from cvelistv5
Published
2018-11-16 18:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:24:32.115Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/385070", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { name: "DSA-4332", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { name: "USN-3808-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3808-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { name: "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { name: "1042106", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042106", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-10-17T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-06T16:06:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/385070", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { name: "DSA-4332", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { name: "USN-3808-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3808-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { name: "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { name: "1042106", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042106", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-16396", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/385070", refsource: "MISC", url: "https://hackerone.com/reports/385070", }, { name: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { name: "RHSA-2018:3729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "RHSA-2018:3730", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "RHSA-2018:3731", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { name: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { name: "DSA-4332", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4332", }, { name: "USN-3808-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3808-1/", }, { name: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { name: "https://security.netapp.com/advisory/ntap-20190221-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { name: "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", }, { name: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { name: "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { name: "1042106", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042106", }, { name: "openSUSE-SU-2019:1771", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16396", datePublished: "2018-11-16T18:00:00", dateReserved: "2018-09-03T00:00:00", dateUpdated: "2024-08-05T10:24:32.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2337
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.talosintelligence.com/reports/TALOS-2016-0031/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/91233 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201710-18 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:49.158Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0031/", }, { name: "91233", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91233", }, { name: "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Ruby", vendor: "Ruby", versions: [ { status: "affected", version: "2.3.0 dev", }, { status: "affected", version: "2.2.2", }, ], }, { product: "Tcl/Tk", vendor: "Tcl", versions: [ { status: "affected", version: "8.6 or later", }, ], }, ], datePublic: "2016-06-14T00:00:00", descriptions: [ { lang: "en", value: "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "type confusion", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-28T09:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0031/", }, { name: "91233", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91233", }, { name: "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2016-2337", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Ruby", version: { version_data: [ { version_value: "2.3.0 dev", }, { version_value: "2.2.2", }, ], }, }, ], }, vendor_name: "Ruby", }, { product: { product_data: [ { product_name: "Tcl/Tk", version: { version_data: [ { version_value: "8.6 or later", }, ], }, }, ], }, vendor_name: "Tcl", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "type confusion", }, ], }, ], }, references: { reference_data: [ { name: "http://www.talosintelligence.com/reports/TALOS-2016-0031/", refsource: "MISC", url: "http://www.talosintelligence.com/reports/TALOS-2016-0031/", }, { name: "91233", refsource: "BID", url: "http://www.securityfocus.com/bid/91233", }, { name: "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", }, { name: "GLSA-201710-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-18", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2016-2337", datePublished: "2017-01-06T21:00:00", dateReserved: "2016-02-12T00:00:00", dateUpdated: "2024-08-05T23:24:49.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4164
Vulnerability from cvelistv5
Published
2013-11-23 19:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:50.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2013-4164", }, { name: "APPLE-SA-2014-10-16-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { name: "openSUSE-SU-2013:1835", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html", }, { name: "USN-2035-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2035-1", }, { name: "APPLE-SA-2014-04-22-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "RHSA-2014:0215", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0215.html", }, { name: "SUSE-SU-2013:1897", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html", }, { name: "RHSA-2013:1763", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1763.html", }, { name: "RHSA-2013:1764", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1764.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", }, { name: "63873", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/63873", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", }, { name: "RHSA-2013:1767", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1767.html", }, { name: "RHSA-2014:0011", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0011.html", }, { name: "openSUSE-SU-2013:1834", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT6536", }, { name: "100113", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/100113", }, { name: "DSA-2810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2810", }, { name: "57376", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57376", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", }, { name: "DSA-2809", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2809", }, { name: "55787", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55787", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-11-22T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-08T21:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2013-4164", }, { name: "APPLE-SA-2014-10-16-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { name: "openSUSE-SU-2013:1835", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html", }, { name: "USN-2035-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2035-1", }, { name: "APPLE-SA-2014-04-22-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "RHSA-2014:0215", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0215.html", }, { name: "SUSE-SU-2013:1897", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html", }, { name: "RHSA-2013:1763", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1763.html", }, { name: "RHSA-2013:1764", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1764.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", }, { name: "63873", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/63873", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", }, { name: "RHSA-2013:1767", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1767.html", }, { name: "RHSA-2014:0011", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0011.html", }, { name: "openSUSE-SU-2013:1834", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT6536", }, { name: "100113", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/100113", }, { name: "DSA-2810", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2810", }, { name: "57376", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57376", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", }, { name: "DSA-2809", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2809", }, { name: "55787", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55787", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4164", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://puppet.com/security/cve/cve-2013-4164", refsource: "CONFIRM", url: "https://puppet.com/security/cve/cve-2013-4164", }, { name: "APPLE-SA-2014-10-16-3", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { name: "openSUSE-SU-2013:1835", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html", }, { name: "USN-2035-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2035-1", }, { name: "APPLE-SA-2014-04-22-1", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { name: "RHSA-2014:0215", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0215.html", }, { name: "SUSE-SU-2013:1897", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html", }, { name: "RHSA-2013:1763", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1763.html", }, { name: "RHSA-2013:1764", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1764.html", }, { name: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", }, { name: "63873", refsource: "BID", url: "http://www.securityfocus.com/bid/63873", }, { name: "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", }, { name: "RHSA-2013:1767", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1767.html", }, { name: "RHSA-2014:0011", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0011.html", }, { name: "openSUSE-SU-2013:1834", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html", }, { name: "https://support.apple.com/kb/HT6536", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT6536", }, { name: "100113", refsource: "OSVDB", url: "http://osvdb.org/100113", }, { name: "DSA-2810", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2810", }, { name: "57376", refsource: "SECUNIA", url: "http://secunia.com/advisories/57376", }, { name: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", }, { name: "DSA-2809", refsource: "DEBIAN", url: "http://www.debian.org/security/2013/dsa-2809", }, { name: "55787", refsource: "SECUNIA", url: "http://secunia.com/advisories/55787", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4164", datePublished: "2013-11-23T19:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:30:50.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-0898
Vulnerability from cvelistv5
Published
2017-09-15 19:00
Modified
2024-09-17 01:36
Severity ?
EPSS score ?
Summary
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:25:17.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3685-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/212241", }, { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "DSA-4031", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-4031", }, { name: "100862", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100862", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/mruby/mruby/issues/3722", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Ruby", vendor: "HackerOne", versions: [ { status: "affected", version: "Versions before 2.4.2, 2.3.5, and 2.2.8", }, ], }, ], datePublic: "2017-09-15T00:00:00", descriptions: [ { lang: "en", value: "Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-134", description: "Format String Vulnerability (CWE-134)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-14T09:57:01", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3685-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/212241", }, { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "DSA-4031", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-4031", }, { name: "100862", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100862", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/mruby/mruby/issues/3722", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", DATE_PUBLIC: "2017-09-15T00:00:00", ID: "CVE-2017-0898", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Ruby", version: { version_data: [ { version_value: "Versions before 2.4.2, 2.3.5, and 2.2.8", }, ], }, }, ], }, vendor_name: "HackerOne", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Format String Vulnerability (CWE-134)", }, ], }, ], }, references: { reference_data: [ { name: "USN-3685-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3685-1/", }, { name: "https://hackerone.com/reports/212241", refsource: "MISC", url: "https://hackerone.com/reports/212241", }, { name: "RHSA-2018:0585", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "RHSA-2018:0378", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "DSA-4031", refsource: "DEBIAN", url: "https://www.debian.org/security/2017/dsa-4031", }, { name: "100862", refsource: "BID", url: "http://www.securityfocus.com/bid/100862", }, { name: "1039363", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "https://github.com/mruby/mruby/issues/3722", refsource: "MISC", url: "https://github.com/mruby/mruby/issues/3722", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/", refsource: "MISC", url: "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/", }, { name: "GLSA-201710-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-18", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2017-0898", datePublished: "2017-09-15T19:00:00Z", dateReserved: "2016-11-30T00:00:00", dateUpdated: "2024-09-17T01:36:46.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2065
Vulnerability from cvelistv5
Published
2013-11-02 19:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://puppet.com/security/cve/cve-2013-2065 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.ubuntu.com/usn/USN-2035-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/ | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:20:37.490Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/cve-2013-2065", }, { name: "FEDORA-2013-8411", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html", }, { name: "USN-2035-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2035-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/", }, { name: "FEDORA-2013-8375", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html", }, { name: "openSUSE-SU-2013:1611", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html", }, { name: "FEDORA-2013-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-05-14T00:00:00", descriptions: [ { lang: "en", value: "(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-08T21:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/cve-2013-2065", }, { name: "FEDORA-2013-8411", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html", }, { name: "USN-2035-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2035-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/", }, { name: "FEDORA-2013-8375", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html", }, { name: "openSUSE-SU-2013:1611", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html", }, { name: "FEDORA-2013-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-2065", datePublished: "2013-11-02T19:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:20:37.490Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-0188
Vulnerability from cvelistv5
Published
2011-03-23 01:00
Modified
2024-08-06 21:43
Severity ?
EPSS score ?
Summary
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2011-0910.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id?1025236 | vdb-entry, x_refsource_SECTRACK | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.redhat.com/support/errata/RHSA-2011-0909.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html | vendor-advisory, x_refsource_APPLE | |
| http://www.redhat.com/support/errata/RHSA-2011-0908.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=682332 | x_refsource_CONFIRM | |
| http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 | vendor-advisory, x_refsource_MANDRIVA | |
| http://support.apple.com/kb/HT4581 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:43:15.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2011:0910", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { name: "1025236", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1025236", }, { name: "MDVSA-2011:098", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { name: "APPLE-SA-2011-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "RHSA-2011:0908", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=682332", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", }, { name: "MDVSA-2011:097", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT4581", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-03-21T00:00:00", descriptions: [ { lang: "en", value: "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-04-21T09:00:00", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { name: "RHSA-2011:0910", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { name: "1025236", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1025236", }, { name: "MDVSA-2011:098", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { name: "APPLE-SA-2011-03-21-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "RHSA-2011:0908", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=682332", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", }, { name: "MDVSA-2011:097", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT4581", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2011-0188", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2011:0910", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { name: "1025236", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1025236", }, { name: "MDVSA-2011:098", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { name: "RHSA-2011:0909", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { name: "APPLE-SA-2011-03-21-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { name: "RHSA-2011:0908", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=682332", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=682332", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", }, { name: "MDVSA-2011:097", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { name: "http://support.apple.com/kb/HT4581", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT4581", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2011-0188", datePublished: "2011-03-23T01:00:00", dateReserved: "2010-12-23T00:00:00", dateUpdated: "2024-08-06T21:43:15.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41819
Vulnerability from cvelistv5
Published
2022-01-01 00:00
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:24.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/910552", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:40.201990", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/910552", }, { url: "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, { url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41819", datePublished: "2022-01-01T00:00:00", dateReserved: "2021-09-29T00:00:00", dateUpdated: "2024-08-04T03:22:24.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1933
Vulnerability from cvelistv5
Published
2013-04-25 23:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/92117 | vdb-entry, x_refsource_OSVDB | |
| http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83277 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2013/04/08/15 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:20:37.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "92117", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/92117", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html", }, { name: "karteekdocsplit-cve20131933-command-exec(83277)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83277", }, { name: "[oss-security] 20130408 Re: Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/04/08/15", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-04-08T00:00:00", descriptions: [ { lang: "en", value: "The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "92117", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/92117", }, { tags: [ "x_refsource_MISC", ], url: "http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html", }, { name: "karteekdocsplit-cve20131933-command-exec(83277)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83277", }, { name: "[oss-security] 20130408 Re: Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/04/08/15", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-1933", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "92117", refsource: "OSVDB", url: "http://osvdb.org/92117", }, { name: "http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html", refsource: "MISC", url: "http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html", }, { name: "karteekdocsplit-cve20131933-command-exec(83277)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83277", }, { name: "[oss-security] 20130408 Re: Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/04/08/15", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1933", datePublished: "2013-04-25T23:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:20:37.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3443
Vulnerability from cvelistv5
Published
2008-08-14 23:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:37:26.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31430", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "33185", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33185", }, { name: "DSA-1695", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2009/dsa-1695", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3549", }, { name: "30682", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30682", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "ruby-regex-dos(44688)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688", }, { name: "4158", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4158", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "1021075", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021075", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "RHSA-2008:0895", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "33398", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33398", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32219", }, { name: "6239", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/6239", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "USN-691-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/691-1/", }, { name: "oval:org.mitre.oval:def:9570", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32165", }, { name: "32372", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32372", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-13T00:00:00", descriptions: [ { lang: "en", value: "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-03T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31430", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "33185", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33185", }, { name: "DSA-1695", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2009/dsa-1695", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3549", }, { name: "30682", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30682", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "ruby-regex-dos(44688)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688", }, { name: "4158", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4158", }, { name: "35074", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35074", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "1021075", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021075", }, { name: "APPLE-SA-2009-05-12", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "RHSA-2008:0895", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "33398", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33398", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32219", }, { name: "6239", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/6239", }, { name: "TA09-133A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "ADV-2009-1297", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "USN-691-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/691-1/", }, { name: "oval:org.mitre.oval:def:9570", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32165", }, { name: "32372", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32372", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "31430", refsource: "SECUNIA", url: "http://secunia.com/advisories/31430", }, { name: "USN-651-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/651-1/", }, { name: "33185", refsource: "SECUNIA", url: "http://secunia.com/advisories/33185", }, { name: "DSA-1695", refsource: "DEBIAN", url: "http://www.debian.org/security/2009/dsa-1695", }, { name: "http://support.apple.com/kb/HT3549", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT3549", }, { name: "30682", refsource: "BID", url: "http://www.securityfocus.com/bid/30682", }, { name: "FEDORA-2008-8736", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "ruby-regex-dos(44688)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688", }, { name: "4158", refsource: "SREASON", url: "http://securityreason.com/securityalert/4158", }, { name: "35074", refsource: "SECUNIA", url: "http://secunia.com/advisories/35074", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "1021075", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021075", }, { name: "APPLE-SA-2009-05-12", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { name: "RHSA-2008:0895", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { name: "RHSA-2008:0897", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "33398", refsource: "SECUNIA", url: "http://secunia.com/advisories/33398", }, { name: "32219", refsource: "SECUNIA", url: "http://secunia.com/advisories/32219", }, { name: "6239", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/6239", }, { name: "TA09-133A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { name: "ADV-2009-1297", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1297", }, { name: "USN-691-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/691-1/", }, { name: "oval:org.mitre.oval:def:9570", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570", }, { name: "32371", refsource: "SECUNIA", url: "http://secunia.com/advisories/32371", }, { name: "32165", refsource: "SECUNIA", url: "http://secunia.com/advisories/32165", }, { name: "32372", refsource: "SECUNIA", url: "http://secunia.com/advisories/32372", }, { name: "FEDORA-2008-8738", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3443", datePublished: "2008-08-14T23:00:00", dateReserved: "2008-08-01T00:00:00", dateUpdated: "2024-08-07T09:37:26.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41816
Vulnerability from cvelistv5
Published
2022-02-06 00:00
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:24.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1328463", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:22.268245", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1328463", }, { url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, { url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41816", datePublished: "2022-02-06T00:00:00", dateReserved: "2021-09-29T00:00:00", dateUpdated: "2024-08-04T03:22:24.883Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1855
Vulnerability from cvelistv5
Published
2019-11-29 20:46
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3247 | x_refsource_MISC | |
| http://www.debian.org/security/2015/dsa-3245 | x_refsource_MISC | |
| http://www.debian.org/security/2015/dsa-3246 | x_refsource_MISC | |
| https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ | x_refsource_MISC | |
| https://puppetlabs.com/security/cve/cve-2015-1855 | x_refsource_MISC | |
| https://bugs.ruby-lang.org/issues/9644 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:54:16.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3247", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3245", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3246", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://puppetlabs.com/security/cve/cve-2015-1855", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.ruby-lang.org/issues/9644", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Ruby", vendor: "Ruby", versions: [ { status: "affected", version: "before 2.0.0 patchlevel 645", }, { status: "affected", version: "2.1.x before 2.1.6", }, { status: "affected", version: "and 2.2.x before 2.2.2", }, ], }, ], datePublic: "2015-05-02T00:00:00", descriptions: [ { lang: "en", value: "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-29T20:46:48", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.debian.org/security/2015/dsa-3247", }, { tags: [ "x_refsource_MISC", ], url: "http://www.debian.org/security/2015/dsa-3245", }, { tags: [ "x_refsource_MISC", ], url: "http://www.debian.org/security/2015/dsa-3246", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", }, { tags: [ "x_refsource_MISC", ], url: "https://puppetlabs.com/security/cve/cve-2015-1855", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.ruby-lang.org/issues/9644", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-1855", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Ruby", version: { version_data: [ { version_value: "before 2.0.0 patchlevel 645", }, { version_value: "2.1.x before 2.1.6", }, { version_value: "and 2.2.x before 2.2.2", }, ], }, }, ], }, vendor_name: "Ruby", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Other", }, ], }, ], }, references: { reference_data: [ { name: "http://www.debian.org/security/2015/dsa-3247", refsource: "MISC", url: "http://www.debian.org/security/2015/dsa-3247", }, { name: "http://www.debian.org/security/2015/dsa-3245", refsource: "MISC", url: "http://www.debian.org/security/2015/dsa-3245", }, { name: "http://www.debian.org/security/2015/dsa-3246", refsource: "MISC", url: "http://www.debian.org/security/2015/dsa-3246", }, { name: "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", refsource: "MISC", url: "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", }, { name: "https://puppetlabs.com/security/cve/cve-2015-1855", refsource: "MISC", url: "https://puppetlabs.com/security/cve/cve-2015-1855", }, { name: "https://bugs.ruby-lang.org/issues/9644", refsource: "MISC", url: "https://bugs.ruby-lang.org/issues/9644", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-1855", datePublished: "2019-11-29T20:46:48", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:54:16.307Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2336
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.talosintelligence.com/reports/TALOS-2016-0029/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:48.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0029/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Ruby", vendor: "Ruby", versions: [ { status: "affected", version: "2.3.0 dev", }, { status: "affected", version: "2.2.2", }, ], }, ], datePublic: "2016-06-14T00:00:00", descriptions: [ { lang: "en", value: "Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "type confusion", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-06T20:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0029/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2016-2336", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Ruby", version: { version_data: [ { version_value: "2.3.0 dev", }, { version_value: "2.2.2", }, ], }, }, ], }, vendor_name: "Ruby", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "type confusion", }, ], }, ], }, references: { reference_data: [ { name: "http://www.talosintelligence.com/reports/TALOS-2016-0029/", refsource: "MISC", url: "http://www.talosintelligence.com/reports/TALOS-2016-0029/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2016-2336", datePublished: "2017-01-06T21:00:00", dateReserved: "2016-02-12T00:00:00", dateUpdated: "2024-08-05T23:24:48.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-14033
Vulnerability from cvelistv5
Published
2017-09-19 17:00
Modified
2024-08-05 19:13
Severity ?
EPSS score ?
Summary
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:13:41.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "DSA-4031", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-4031", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/", }, { name: "100868", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100868", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-14T00:00:00", descriptions: [ { lang: "en", value: "The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-31T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "DSA-4031", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-4031", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/", }, { name: "100868", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100868", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14033", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:0585", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "DSA-4031", refsource: "DEBIAN", url: "https://www.debian.org/security/2017/dsa-4031", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039363", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/", }, { name: "100868", refsource: "BID", url: "http://www.securityfocus.com/bid/100868", }, { name: "GLSA-201710-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-18", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14033", datePublished: "2017-09-19T17:00:00", dateReserved: "2017-08-30T00:00:00", dateUpdated: "2024-08-05T19:13:41.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41817
Vulnerability from cvelistv5
Published
2022-01-01 00:00
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:24.342Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1254844", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:33.551146", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1254844", }, { url: "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41817", datePublished: "2022-01-01T00:00:00", dateReserved: "2021-09-29T00:00:00", dateUpdated: "2024-08-04T03:22:24.342Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1911
Vulnerability from cvelistv5
Published
2013-04-03 00:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/58783 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83163 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2013/03/31/3 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/91870 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:20:36.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html", }, { name: "58783", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58783", }, { name: "20130401 Remote command execution in Ruby Gem ldoce 0.0.2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html", }, { name: "rubygem-cve20131911-command-exec(83163)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163", }, { name: "[oss-security] 20130331 Re: Remote command execution in Ruby Gem ldoce 0.0.2", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/31/3", }, { name: "91870", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/91870", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-31T00:00:00", descriptions: [ { lang: "en", value: "lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html", }, { name: "58783", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58783", }, { name: "20130401 Remote command execution in Ruby Gem ldoce 0.0.2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html", }, { name: "rubygem-cve20131911-command-exec(83163)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163", }, { name: "[oss-security] 20130331 Re: Remote command execution in Ruby Gem ldoce 0.0.2", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/03/31/3", }, { name: "91870", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/91870", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-1911", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html", refsource: "MISC", url: "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html", }, { name: "58783", refsource: "BID", url: "http://www.securityfocus.com/bid/58783", }, { name: "20130401 Remote command execution in Ruby Gem ldoce 0.0.2", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html", }, { name: "rubygem-cve20131911-command-exec(83163)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163", }, { name: "[oss-security] 20130331 Re: Remote command execution in Ruby Gem ldoce 0.0.2", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/03/31/3", }, { name: "91870", refsource: "OSVDB", url: "http://osvdb.org/91870", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1911", datePublished: "2013-04-03T00:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:20:36.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10933
Vulnerability from cvelistv5
Published
2020-05-04 14:54
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20200625-0001/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4721 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:21:13.597Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/", }, { name: "FEDORA-2020-a95706b117", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200625-0001/", }, { name: "DSA-4721", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4721", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-08T23:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/", }, { name: "FEDORA-2020-a95706b117", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200625-0001/", }, { name: "DSA-4721", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4721", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10933", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/", }, { name: "FEDORA-2020-a95706b117", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { name: "https://security.netapp.com/advisory/ntap-20200625-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200625-0001/", }, { name: "DSA-4721", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4721", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10933", datePublished: "2020-05-04T14:54:00", dateReserved: "2020-03-24T00:00:00", dateUpdated: "2024-08-04T11:21:13.597Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28738
Vulnerability from cvelistv5
Published
2022-05-09 00:00
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1220911", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-28738", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:35.199929", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1220911", }, { url: "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/", }, { url: "https://security-tracker.debian.org/tracker/CVE-2022-28738", }, { url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28738", datePublished: "2022-05-09T00:00:00", dateReserved: "2022-04-06T00:00:00", dateUpdated: "2024-08-03T06:03:52.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4121
Vulnerability from cvelistv5
Published
2019-11-26 04:35
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2011-4121 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2011-4121 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/07/01/1 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenSSL | OpenSSL extension of Ruby (Git trunk) |
Version: versions after 2011-09-01 up to 2011-11-03 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:01:50.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4121", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2011-4121", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/07/01/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL extension of Ruby (Git trunk)", vendor: "OpenSSL", versions: [ { status: "affected", version: "versions after 2011-09-01 up to 2011-11-03", }, ], }, ], descriptions: [ { lang: "en", value: "The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-26T04:35:56", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4121", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2011-4121", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2013/07/01/1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4121", datePublished: "2019-11-26T04:35:56", dateReserved: "2011-10-18T00:00:00", dateUpdated: "2024-08-07T00:01:50.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-6438
Vulnerability from cvelistv5
Published
2017-09-06 21:00
Modified
2024-08-06 12:17
Severity ?
EPSS score ?
Summary
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032874 | vdb-entry, x_refsource_SECTRACK | |
| https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/ | x_refsource_CONFIRM | |
| https://github.com/ruby/www.ruby-lang.org/issues/817 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/07/13/6 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:17:23.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1032874", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032874", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/ruby/www.ruby-lang.org/issues/817", }, { name: "[oss-security] 20150713 Re: Retroactive CVE request for Ruby 1.9.2-p330", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/07/13/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-08-19T00:00:00", descriptions: [ { lang: "en", value: "The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-06T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1032874", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032874", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ruby/www.ruby-lang.org/issues/817", }, { name: "[oss-security] 20150713 Re: Retroactive CVE request for Ruby 1.9.2-p330", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/07/13/6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-6438", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1032874", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032874", }, { name: "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/", }, { name: "https://github.com/ruby/www.ruby-lang.org/issues/817", refsource: "CONFIRM", url: "https://github.com/ruby/www.ruby-lang.org/issues/817", }, { name: "[oss-security] 20150713 Re: Retroactive CVE request for Ruby 1.9.2-p330", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/07/13/6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-6438", datePublished: "2017-09-06T21:00:00", dateReserved: "2014-09-16T00:00:00", dateUpdated: "2024-08-06T12:17:23.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28756
Vulnerability from cvelistv5
Published
2023-03-31 00:00
Modified
2024-11-27 14:53
Severity ?
EPSS score ?
Summary
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:51:37.879Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/downloads/releases/", }, { tags: [ "x_transferred", ], url: "https://github.com/ruby/time/releases/", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/", }, { name: "FEDORA-2023-6b924d3b75", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/", }, { name: "FEDORA-2023-a7be7ea1aa", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/", }, { name: "FEDORA-2023-f58d72c700", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230526-0004/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28756", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-26T19:59:50.839606Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T14:53:22.202Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:38.560368", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/", }, { url: "https://www.ruby-lang.org/en/downloads/releases/", }, { url: "https://github.com/ruby/time/releases/", }, { url: "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/", }, { name: "FEDORA-2023-6b924d3b75", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/", }, { name: "FEDORA-2023-a7be7ea1aa", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/", }, { name: "FEDORA-2023-f58d72c700", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { url: "https://security.netapp.com/advisory/ntap-20230526-0004/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-28756", datePublished: "2023-03-31T00:00:00", dateReserved: "2023-03-23T00:00:00", dateUpdated: "2024-11-27T14:53:22.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6181
Vulnerability from cvelistv5
Published
2017-04-03 05:44
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.ruby-lang.org/issues/13234 | x_refsource_CONFIRM | |
| https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97304 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:47.726Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.ruby-lang.org/issues/13234", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660", }, { name: "97304", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97304", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-04-03T00:00:00", descriptions: [ { lang: "en", value: "The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-04-04T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.ruby-lang.org/issues/13234", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660", }, { name: "97304", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97304", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6181", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.ruby-lang.org/issues/13234", refsource: "CONFIRM", url: "https://bugs.ruby-lang.org/issues/13234", }, { name: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660", refsource: "CONFIRM", url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660", }, { name: "97304", refsource: "BID", url: "http://www.securityfocus.com/bid/97304", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6181", datePublished: "2017-04-03T05:44:00", dateReserved: "2017-02-21T00:00:00", dateUpdated: "2024-08-05T15:25:47.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4413
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/55151 | third-party-advisory, x_refsource_SECUNIA | |
| https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87783 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/62891 | vdb-entry, x_refsource_BID | |
| http://seclists.org/oss-sec/2013/q4/43 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:45:14.615Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "55151", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/55151", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53", }, { name: "wicked-gem-cve20134413-dir-trav(87783)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783", }, { name: "62891", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/62891", }, { name: "[oss-security] 20131009 Re: Vulnerability Reported in my Ruby Gem", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2013/q4/43", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-10-08T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "55151", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/55151", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53", }, { name: "wicked-gem-cve20134413-dir-trav(87783)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783", }, { name: "62891", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/62891", }, { name: "[oss-security] 20131009 Re: Vulnerability Reported in my Ruby Gem", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2013/q4/43", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4413", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "55151", refsource: "SECUNIA", url: "http://secunia.com/advisories/55151", }, { name: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53", refsource: "CONFIRM", url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53", }, { name: "wicked-gem-cve20134413-dir-trav(87783)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783", }, { name: "62891", refsource: "BID", url: "http://www.securityfocus.com/bid/62891", }, { name: "[oss-security] 20131009 Re: Vulnerability Reported in my Ruby Gem", refsource: "MLIST", url: "http://seclists.org/oss-sec/2013/q4/43", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4413", datePublished: "2014-03-11T15:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:45:14.615Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-7551
Vulnerability from cvelistv5
Published
2016-03-24 01:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | vendor-advisory, x_refsource_APPLE | |
| https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html | x_refsource_CONFIRM | |
| https://support.apple.com/HT206167 | x_refsource_CONFIRM | |
| https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a | x_refsource_CONFIRM | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 | x_refsource_CONFIRM | |
| https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ | x_refsource_CONFIRM | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | x_refsource_CONFIRM | |
| https://puppet.com/security/cve/ruby-dec-2015-security-fixes | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:0583 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/76060 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:28.515Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "APPLE-SA-2016-03-21-5", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT206167", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://puppet.com/security/cve/ruby-dec-2015-security-fixes", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "76060", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/76060", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-12-16T00:00:00", descriptions: [ { lang: "en", value: "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-27T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "APPLE-SA-2016-03-21-5", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT206167", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://puppet.com/security/cve/ruby-dec-2015-security-fixes", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "76060", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/76060", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2015-7551", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "APPLE-SA-2016-03-21-5", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { name: "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html", refsource: "CONFIRM", url: "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html", }, { name: "https://support.apple.com/HT206167", refsource: "CONFIRM", url: "https://support.apple.com/HT206167", }, { name: "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a", refsource: "CONFIRM", url: "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344", }, { name: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { name: "https://puppet.com/security/cve/ruby-dec-2015-security-fixes", refsource: "CONFIRM", url: "https://puppet.com/security/cve/ruby-dec-2015-security-fixes", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "76060", refsource: "BID", url: "http://www.securityfocus.com/bid/76060", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-7551", datePublished: "2016-03-24T01:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:28.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-1004
Vulnerability from cvelistv5
Published
2011-03-02 19:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:14:26.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2011:0910", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { name: "46460", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/46460", }, { name: "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { name: "ADV-2011-0539", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2011/0539", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678913", }, { name: "43573", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43573", }, { name: "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { name: "70958", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/70958", }, { name: "FEDORA-2011-1876", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { name: "FEDORA-2011-1913", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { name: "43434", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/43434", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT5281", }, { name: "MDVSA-2011:097", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { name: "APPLE-SA-2012-05-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-02-18T00:00:00", descriptions: [ { lang: "en", value: "The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-03-10T10:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2011:0910", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { name: "46460", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/46460", }, { name: "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { name: "ADV-2011-0539", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2011/0539", }, { name: "RHSA-2011:0909", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678913", }, { name: "43573", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43573", }, { name: "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { name: "70958", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/70958", }, { name: "FEDORA-2011-1876", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { name: "FEDORA-2011-1913", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { name: "43434", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/43434", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT5281", }, { name: "MDVSA-2011:097", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { name: "APPLE-SA-2012-05-09-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-1004", datePublished: "2011-03-02T19:00:00", dateReserved: "2011-02-14T00:00:00", dateUpdated: "2024-08-06T22:14:26.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-4975
Vulnerability from cvelistv5
Published
2014-11-15 20:00
Modified
2024-08-06 11:34
Severity ?
EPSS score ?
Summary
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:34:36.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20140709 Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/07/09/13", }, { name: "RHSA-2014:1912", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "68474", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/68474", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118158", }, { name: "DSA-3157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { name: "USN-2397-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2397-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.ruby-lang.org/issues/10019", }, { name: "MDVSA-2015:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778", }, { name: "RHSA-2014:1914", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "ruby-cve20144975-bo(94706)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94706", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-07-09T00:00:00", descriptions: [ { lang: "en", value: "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20140709 Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/07/09/13", }, { name: "RHSA-2014:1912", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "68474", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/68474", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118158", }, { name: "DSA-3157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { name: "USN-2397-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2397-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.ruby-lang.org/issues/10019", }, { name: "MDVSA-2015:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778", }, { name: "RHSA-2014:1914", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "ruby-cve20144975-bo(94706)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94706", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-4975", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20140709 Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/07/09/13", }, { name: "RHSA-2014:1912", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "68474", refsource: "BID", url: "http://www.securityfocus.com/bid/68474", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1118158", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118158", }, { name: "DSA-3157", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3157", }, { name: "http://advisories.mageia.org/MGASA-2014-0472.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { name: "USN-2397-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2397-1", }, { name: "https://bugs.ruby-lang.org/issues/10019", refsource: "CONFIRM", url: "https://bugs.ruby-lang.org/issues/10019", }, { name: "MDVSA-2015:129", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778", }, { name: "RHSA-2014:1914", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "ruby-cve20144975-bo(94706)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94706", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-4975", datePublished: "2014-11-15T20:00:00", dateReserved: "2014-07-15T00:00:00", dateUpdated: "2024-08-06T11:34:36.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1891
Vulnerability from cvelistv5
Published
2008-04-18 22:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:41:00.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "29794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29794", }, { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "ruby-webrick-cgi-info-disclosure(41824)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41824", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31687", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://aluigi.altervista.org/adv/webrickcgi-adv.txt", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30831", }, { name: "ADV-2008-1245", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1245/references", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-04-15T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "29794", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29794", }, { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "ruby-webrick-cgi-info-disclosure(41824)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41824", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31687", }, { tags: [ "x_refsource_MISC", ], url: "http://aluigi.altervista.org/adv/webrickcgi-adv.txt", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30831", }, { name: "ADV-2008-1245", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1245/references", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1891", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "29794", refsource: "SECUNIA", url: "http://secunia.com/advisories/29794", }, { name: "SUSE-SR:2008:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "MDVSA-2008:141", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "ruby-webrick-cgi-info-disclosure(41824)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41824", }, { name: "31687", refsource: "SECUNIA", url: "http://secunia.com/advisories/31687", }, { name: "http://aluigi.altervista.org/adv/webrickcgi-adv.txt", refsource: "MISC", url: "http://aluigi.altervista.org/adv/webrickcgi-adv.txt", }, { name: "FEDORA-2008-5649", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30831", refsource: "SECUNIA", url: "http://secunia.com/advisories/30831", }, { name: "ADV-2008-1245", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1245/references", }, { name: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1891", datePublished: "2008-04-18T22:00:00", dateReserved: "2008-04-18T00:00:00", dateUpdated: "2024-08-07T08:41:00.043Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2726
Vulnerability from cvelistv5
Published
2008-06-24 19:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:14:14.543Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ruby-rbarysplice-begrlen-code-execution(43351)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30831", }, { name: "oval:org.mitre.oval:def:9959", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-19T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ruby-rbarysplice-begrlen-code-execution(43351)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30831", }, { name: "oval:org.mitre.oval:def:9959", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31181", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2008-2726", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SR:2008:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "http://support.apple.com/kb/HT2163", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT2163", }, { name: "31090", refsource: "SECUNIA", url: "http://secunia.com/advisories/31090", }, { name: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", refsource: "MISC", url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", refsource: "SECUNIA", url: "http://secunia.com/advisories/30875", }, { name: "ADV-2008-1981", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ruby-rbarysplice-begrlen-code-execution(43351)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351", }, { name: "ADV-2008-1907", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", refsource: "SECUNIA", url: "http://secunia.com/advisories/31687", }, { name: "30894", refsource: "SECUNIA", url: "http://secunia.com/advisories/30894", }, { name: "31062", refsource: "SECUNIA", url: "http://secunia.com/advisories/31062", }, { name: "31256", refsource: "SECUNIA", url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { name: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", refsource: "MISC", url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020347", }, { name: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", refsource: "MISC", url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216", refsource: "MLIST", url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { name: "FEDORA-2008-5649", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", refsource: "SECUNIA", url: "http://secunia.com/advisories/30802", }, { name: "30831", refsource: "SECUNIA", url: "http://secunia.com/advisories/30831", }, { name: "oval:org.mitre.oval:def:9959", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", }, { name: "RHSA-2008:0561", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { name: "https://issues.rpath.com/browse/RPL-2626", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "29903", refsource: "BID", url: "http://www.securityfocus.com/bid/29903", }, { name: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", refsource: "MISC", url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", refsource: "SECUNIA", url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { name: "http://www.ruby-forum.com/topic/157034", refsource: "MISC", url: "http://www.ruby-forum.com/topic/157034", }, { name: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", refsource: "MISC", url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", refsource: "SECUNIA", url: "http://secunia.com/advisories/31181", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-2726", datePublished: "2008-06-24T19:00:00", dateReserved: "2008-06-16T00:00:00", dateUpdated: "2024-08-07T09:14:14.543Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5371
Vulnerability from cvelistv5
Published
2012-11-28 11:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
References
| ▼ | URL | Tags |
|---|---|---|
| http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf | x_refsource_MISC | |
| http://securitytracker.com/id?1027747 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/87280 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/56484 | vdb-entry, x_refsource_BID | |
| https://www.131002.net/data/talks/appsec12_slides.pdf | x_refsource_MISC | |
| http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/ | x_refsource_CONFIRM | |
| http://2012.appsec-forum.ch/conferences/#c17 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=875236 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/51253 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ocert.org/advisories/ocert-2012-001.html | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-1733-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79993 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:05:47.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", }, { name: "1027747", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1027747", }, { name: "87280", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/87280", }, { name: "56484", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/56484", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.131002.net/data/talks/appsec12_slides.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://2012.appsec-forum.ch/conferences/#c17", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=875236", }, { name: "51253", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51253", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ocert.org/advisories/ocert-2012-001.html", }, { name: "USN-1733-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1733-1", }, { name: "ruby-hash-function-dos(79993)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79993", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-07T00:00:00", descriptions: [ { lang: "en", value: "Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", }, { name: "1027747", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1027747", }, { name: "87280", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/87280", }, { name: "56484", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56484", }, { tags: [ "x_refsource_MISC", ], url: "https://www.131002.net/data/talks/appsec12_slides.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/", }, { tags: [ "x_refsource_MISC", ], url: "http://2012.appsec-forum.ch/conferences/#c17", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=875236", }, { name: "51253", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51253", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ocert.org/advisories/ocert-2012-001.html", }, { name: "USN-1733-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1733-1", }, { name: "ruby-hash-function-dos(79993)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79993", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-5371", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", refsource: "MISC", url: "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", }, { name: "1027747", refsource: "SECTRACK", url: "http://securitytracker.com/id?1027747", }, { name: "87280", refsource: "OSVDB", url: "http://www.osvdb.org/87280", }, { name: "56484", refsource: "BID", url: "http://www.securityfocus.com/bid/56484", }, { name: "https://www.131002.net/data/talks/appsec12_slides.pdf", refsource: "MISC", url: "https://www.131002.net/data/talks/appsec12_slides.pdf", }, { name: "http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/", }, { name: "http://2012.appsec-forum.ch/conferences/#c17", refsource: "MISC", url: "http://2012.appsec-forum.ch/conferences/#c17", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=875236", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=875236", }, { name: "51253", refsource: "SECUNIA", url: "http://secunia.com/advisories/51253", }, { name: "http://www.ocert.org/advisories/ocert-2012-001.html", refsource: "MISC", url: "http://www.ocert.org/advisories/ocert-2012-001.html", }, { name: "USN-1733-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1733-1", }, { name: "ruby-hash-function-dos(79993)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79993", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-5371", datePublished: "2012-11-28T11:00:00", dateReserved: "2012-10-10T00:00:00", dateUpdated: "2024-08-06T21:05:47.293Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0256
Vulnerability from cvelistv5
Published
2013-03-01 02:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.523Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0701.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", }, { name: "52774", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52774", }, { name: "openSUSE-SU-2013:0303", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2", }, { name: "RHSA-2013:0728", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0728.html", }, { name: "RHSA-2013:0686", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0686.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60", }, { name: "RHSA-2013:0548", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0548.html", }, { name: "USN-1733-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1733-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=907820", }, { name: "SUSE-SU-2013:0647", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-02-05T00:00:00", descriptions: [ { lang: "en", value: "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-06T10:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:0701", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0701.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", }, { name: "52774", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52774", }, { name: "openSUSE-SU-2013:0303", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2", }, { name: "RHSA-2013:0728", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0728.html", }, { name: "RHSA-2013:0686", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0686.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60", }, { name: "RHSA-2013:0548", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0548.html", }, { name: "USN-1733-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1733-1", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=907820", }, { name: "SUSE-SU-2013:0647", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-0256", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2013:0701", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0701.html", }, { name: "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", }, { name: "52774", refsource: "SECUNIA", url: "http://secunia.com/advisories/52774", }, { name: "openSUSE-SU-2013:0303", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html", }, { name: "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2", refsource: "MISC", url: "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2", }, { name: "RHSA-2013:0728", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0728.html", }, { name: "RHSA-2013:0686", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0686.html", }, { name: "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60", refsource: "CONFIRM", url: "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60", }, { name: "RHSA-2013:0548", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-0548.html", }, { name: "USN-1733-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1733-1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=907820", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=907820", }, { name: "SUSE-SU-2013:0647", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0256", datePublished: "2013-03-01T02:00:00", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T14:18:09.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-5770
Vulnerability from cvelistv5
Published
2007-11-14 01:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T15:39:13.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "27576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27576", }, { name: "ADV-2007-4238", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/4238", }, { name: "26985", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26985", }, { name: "TA07-352A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", }, { name: "28136", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28136", }, { name: "USN-596-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-596-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=362081", }, { name: "RHSA-2007:0961", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { name: "RHSA-2007:0965", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { name: "27756", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27756", }, { name: "DSA-1412", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1412", }, { name: "27673", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27673", }, { name: "APPLE-SA-2007-12-17", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", }, { name: "DSA-1410", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1410", }, { name: "27769", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27769", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://docs.info.apple.com/article.html?artnum=307179", }, { name: "SUSE-SR:2007:024", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { name: "MDVSA-2008:029", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { name: "29556", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29556", }, { name: "1018938", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1018938", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656", }, { name: "27818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27818", }, { name: "oval:org.mitre.oval:def:11025", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11025", }, { name: "28645", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28645", }, { name: "DSA-1411", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1411", }, { name: "26421", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/26421", }, { name: "27764", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27764", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-11-01T00:00:00", descriptions: [ { lang: "en", value: "The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "27576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27576", }, { name: "ADV-2007-4238", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/4238", }, { name: "26985", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26985", }, { name: "TA07-352A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", }, { name: "28136", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28136", }, { name: "USN-596-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-596-1", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=362081", }, { name: "RHSA-2007:0961", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { name: "RHSA-2007:0965", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { name: "27756", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27756", }, { name: "DSA-1412", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1412", }, { name: "27673", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27673", }, { name: "APPLE-SA-2007-12-17", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", }, { name: "DSA-1410", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1410", }, { name: "27769", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27769", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://docs.info.apple.com/article.html?artnum=307179", }, { name: "SUSE-SR:2007:024", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { name: "MDVSA-2008:029", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { name: "29556", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29556", }, { name: "1018938", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1018938", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656", }, { name: "27818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27818", }, { name: "oval:org.mitre.oval:def:11025", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11025", }, { name: "28645", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28645", }, { name: "DSA-1411", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1411", }, { name: "26421", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/26421", }, { name: "27764", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27764", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2007-5770", datePublished: "2007-11-14T01:00:00", dateReserved: "2007-11-01T00:00:00", dateUpdated: "2024-08-07T15:39:13.628Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-5247
Vulnerability from cvelistv5
Published
2020-02-28 16:55
Modified
2024-08-04 08:22
Severity ?
EPSS score ?
Summary
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v | x_refsource_CONFIRM | |
| https://owasp.org/www-community/attacks/HTTP_Response_Splitting | x_refsource_MISC | |
| https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:22:09.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://owasp.org/www-community/attacks/HTTP_Response_Splitting", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254", }, { name: "FEDORA-2020-a3f26a9387", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/", }, { name: "FEDORA-2020-fd87f90634", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/", }, { name: "FEDORA-2020-08092b4c97", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/", }, { name: "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Puma", vendor: "puma", versions: [ { status: "affected", version: "< 3.12.3", }, { status: "affected", version: ">= 4.0.0, < 4.3.2", }, ], }, ], descriptions: [ { lang: "en", value: "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-113", description: "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-26T00:06:12", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v", }, { tags: [ "x_refsource_MISC", ], url: "https://owasp.org/www-community/attacks/HTTP_Response_Splitting", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254", }, { name: "FEDORA-2020-a3f26a9387", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/", }, { name: "FEDORA-2020-fd87f90634", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/", }, { name: "FEDORA-2020-08092b4c97", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/", }, { name: "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html", }, ], source: { advisory: "GHSA-84j7-475p-hp8v", discovery: "UNKNOWN", }, title: "HTTP Response Splitting in Puma", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-5247", STATE: "PUBLIC", TITLE: "HTTP Response Splitting in Puma", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Puma", version: { version_data: [ { version_value: "< 3.12.3", }, { version_value: ">= 4.0.0, < 4.3.2", }, ], }, }, ], }, vendor_name: "puma", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v", refsource: "CONFIRM", url: "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v", }, { name: "https://owasp.org/www-community/attacks/HTTP_Response_Splitting", refsource: "MISC", url: "https://owasp.org/www-community/attacks/HTTP_Response_Splitting", }, { name: "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254", refsource: "MISC", url: "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254", }, { name: "FEDORA-2020-a3f26a9387", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/", }, { name: "FEDORA-2020-fd87f90634", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/", }, { name: "FEDORA-2020-08092b4c97", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/", }, { name: "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html", }, ], }, source: { advisory: "GHSA-84j7-475p-hp8v", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-5247", datePublished: "2020-02-28T16:55:15", dateReserved: "2020-01-02T00:00:00", dateUpdated: "2024-08-04T08:22:09.079Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-14064
Vulnerability from cvelistv5
Published
2017-08-31 17:00
Modified
2024-08-05 19:13
Severity ?
EPSS score ?
Summary
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:13:41.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3685-1/", }, { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "DSA-3966", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-3966", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/209949", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.ruby-lang.org/issues/13853", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85", }, { name: "100890", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100890", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-08-31T00:00:00", descriptions: [ { lang: "en", value: "Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-31T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3685-1/", }, { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "DSA-3966", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-3966", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/209949", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.ruby-lang.org/issues/13853", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85", }, { name: "100890", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100890", }, { name: "GLSA-201710-18", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-18", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14064", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3685-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3685-1/", }, { name: "RHSA-2018:0585", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "DSA-3966", refsource: "DEBIAN", url: "https://www.debian.org/security/2017/dsa-3966", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { name: "RHSA-2018:0378", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "https://hackerone.com/reports/209949", refsource: "MISC", url: "https://hackerone.com/reports/209949", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { name: "1039363", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039363", }, { name: "RHSA-2017:3485", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "https://bugs.ruby-lang.org/issues/13853", refsource: "MISC", url: "https://bugs.ruby-lang.org/issues/13853", }, { name: "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85", refsource: "MISC", url: "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85", }, { name: "100890", refsource: "BID", url: "http://www.securityfocus.com/bid/100890", }, { name: "GLSA-201710-18", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-18", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14064", datePublished: "2017-08-31T17:00:00", dateReserved: "2017-08-31T00:00:00", dateUpdated: "2024-08-05T19:13:41.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-5162
Vulnerability from cvelistv5
Published
2007-10-01 00:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T15:24:41.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499", }, { name: "25847", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/25847", }, { name: "20071112 FLEA-2007-0068-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/483577/100/0/threaded", }, { name: "27576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27576", }, { name: "26985", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/26985", }, { name: "ADV-2007-3340", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/3340", }, { name: "USN-596-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-596-1", }, { name: "ruby-nethttps-mitm(36861)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36861", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=313791", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500", }, { name: "FEDORA-2007-2685", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00391.html", }, { name: "27044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27044", }, { name: "RHSA-2007:0961", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { name: "RHSA-2007:0965", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { name: "27756", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27756", }, { name: "DSA-1412", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1412", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.isecpartners.com/advisories/2007-006-rubyssl.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502", }, { name: "27673", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27673", }, { name: "oval:org.mitre.oval:def:10738", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10738", }, { name: "DSA-1410", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1410", }, { name: "27769", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27769", }, { name: "FEDORA-2007-718", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00087.html", }, { name: "SUSE-SR:2007:024", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { name: "MDVSA-2008:029", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { name: "29556", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29556", }, { name: "27818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27818", }, { name: "27432", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27432", }, { name: "20070927 Ruby Net::HTTPS library does not validate server certificate CN", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/480987/100/0/threaded", }, { name: "3180", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3180", }, { name: "FEDORA-2007-2406", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00097.html", }, { name: "28645", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28645", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504", }, { name: "DSA-1411", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2007/dsa-1411", }, { name: "27764", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/27764", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-09-27T00:00:00", descriptions: [ { lang: "en", value: "The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499", }, { name: "25847", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/25847", }, { name: "20071112 FLEA-2007-0068-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/483577/100/0/threaded", }, { name: "27576", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27576", }, { name: "26985", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/26985", }, { name: "ADV-2007-3340", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/3340", }, { name: "USN-596-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-596-1", }, { name: "ruby-nethttps-mitm(36861)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36861", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=313791", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500", }, { name: "FEDORA-2007-2685", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00391.html", }, { name: "27044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27044", }, { name: "RHSA-2007:0961", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { name: "RHSA-2007:0965", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { name: "27756", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27756", }, { name: "DSA-1412", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1412", }, { tags: [ "x_refsource_MISC", ], url: "http://www.isecpartners.com/advisories/2007-006-rubyssl.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502", }, { name: "27673", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27673", }, { name: "oval:org.mitre.oval:def:10738", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10738", }, { name: "DSA-1410", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1410", }, { name: "27769", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27769", }, { name: "FEDORA-2007-718", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00087.html", }, { name: "SUSE-SR:2007:024", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { name: "MDVSA-2008:029", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { name: "29556", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29556", }, { name: "27818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27818", }, { name: "27432", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27432", }, { name: "20070927 Ruby Net::HTTPS library does not validate server certificate CN", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/480987/100/0/threaded", }, { name: "3180", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3180", }, { name: "FEDORA-2007-2406", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00097.html", }, { name: "28645", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28645", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504", }, { name: "DSA-1411", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2007/dsa-1411", }, { name: "27764", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/27764", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-5162", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499", }, { name: "25847", refsource: "BID", url: "http://www.securityfocus.com/bid/25847", }, { name: "20071112 FLEA-2007-0068-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/483577/100/0/threaded", }, { name: "27576", refsource: "SECUNIA", url: "http://secunia.com/advisories/27576", }, { name: "26985", refsource: "SECUNIA", url: "http://secunia.com/advisories/26985", }, { name: "ADV-2007-3340", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/3340", }, { name: "USN-596-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-596-1", }, { name: "ruby-nethttps-mitm(36861)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36861", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=313791", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=313791", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500", }, { name: "FEDORA-2007-2685", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00391.html", }, { name: "27044", refsource: "SECUNIA", url: "http://secunia.com/advisories/27044", }, { name: "RHSA-2007:0961", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { name: "RHSA-2007:0965", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { name: "27756", refsource: "SECUNIA", url: "http://secunia.com/advisories/27756", }, { name: "DSA-1412", refsource: "DEBIAN", url: "http://www.debian.org/security/2007/dsa-1412", }, { name: "http://www.isecpartners.com/advisories/2007-006-rubyssl.txt", refsource: "MISC", url: "http://www.isecpartners.com/advisories/2007-006-rubyssl.txt", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502", }, { name: "27673", refsource: "SECUNIA", url: "http://secunia.com/advisories/27673", }, { name: "oval:org.mitre.oval:def:10738", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10738", }, { name: "DSA-1410", refsource: "DEBIAN", url: "http://www.debian.org/security/2007/dsa-1410", }, { name: "27769", refsource: "SECUNIA", url: "http://secunia.com/advisories/27769", }, { name: "FEDORA-2007-718", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00087.html", }, { name: "SUSE-SR:2007:024", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { name: "MDVSA-2008:029", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { name: "29556", refsource: "SECUNIA", url: "http://secunia.com/advisories/29556", }, { name: "27818", refsource: "SECUNIA", url: "http://secunia.com/advisories/27818", }, { name: "27432", refsource: "SECUNIA", url: "http://secunia.com/advisories/27432", }, { name: "20070927 Ruby Net::HTTPS library does not validate server certificate CN", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/480987/100/0/threaded", }, { name: "3180", refsource: "SREASON", url: "http://securityreason.com/securityalert/3180", }, { name: "FEDORA-2007-2406", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00097.html", }, { name: "28645", refsource: "SECUNIA", url: "http://secunia.com/advisories/28645", }, { name: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504", refsource: "CONFIRM", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504", }, { name: "DSA-1411", refsource: "DEBIAN", url: "http://www.debian.org/security/2007/dsa-1411", }, { name: "27764", refsource: "SECUNIA", url: "http://secunia.com/advisories/27764", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-5162", datePublished: "2007-10-01T00:00:00", dateReserved: "2007-09-30T00:00:00", dateUpdated: "2024-08-07T15:24:41.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4136
Vulnerability from cvelistv5
Published
2013-09-30 19:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phusion/passenger/blob/release-4.0.6/NEWS | x_refsource_CONFIRM | |
| https://code.google.com/p/phusion-passenger/issues/detail?id=910 | x_refsource_CONFIRM | |
| https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1136.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2013/07/16/6 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:49.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://code.google.com/p/phusion-passenger/issues/detail?id=910", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b", }, { name: "RHSA-2013:1136", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { name: "[oss-security] 20130716 Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/07/16/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-09-30T19:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://code.google.com/p/phusion-passenger/issues/detail?id=910", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b", }, { name: "RHSA-2013:1136", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { name: "[oss-security] 20130716 Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/07/16/6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4136", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS", refsource: "CONFIRM", url: "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS", }, { name: "https://code.google.com/p/phusion-passenger/issues/detail?id=910", refsource: "CONFIRM", url: "https://code.google.com/p/phusion-passenger/issues/detail?id=910", }, { name: "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b", refsource: "CONFIRM", url: "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b", }, { name: "RHSA-2013:1136", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { name: "[oss-security] 20130716 Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/07/16/6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4136", datePublished: "2013-09-30T19:00:00Z", dateReserved: "2013-06-12T00:00:00Z", dateUpdated: "2024-09-17T03:38:39.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6914
Vulnerability from cvelistv5
Published
2018-04-03 22:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:17:17.120Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "103686", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103686", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-28T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-06T16:06:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "103686", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103686", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6914", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "RHSA-2018:3729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "USN-3626-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3626-1/", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "103686", refsource: "BID", url: "http://www.securityfocus.com/bid/103686", }, { name: "RHSA-2018:3730", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6914", datePublished: "2018-04-03T22:00:00", dateReserved: "2018-02-12T00:00:00", dateUpdated: "2024-08-05T06:17:17.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2376
Vulnerability from cvelistv5
Published
2008-07-09 00:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:58:02.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31090", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "APPLE-SA-2008-09-15", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html", }, { name: "31006", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31006", }, { name: "FEDORA-2008-6033", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", }, { name: "TA08-260A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-260A.html", }, { name: "ADV-2008-2584", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2584", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31062", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-2639", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31256", }, { name: "FEDORA-2008-6094", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32219", }, { name: "[oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/07/02/3", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "oval:org.mitre.oval:def:9863", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/Advisories:rPSA-2008-0218", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "30927", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30927", }, { name: "20080708 rPSA-2008-0218-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/494104/100/0/threaded", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-02T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31090", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "APPLE-SA-2008-09-15", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html", }, { name: "31006", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31006", }, { name: "FEDORA-2008-6033", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", }, { name: "TA08-260A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-260A.html", }, { name: "ADV-2008-2584", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2584", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31062", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-2639", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31256", }, { name: "FEDORA-2008-6094", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32219", }, { name: "[oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/07/02/3", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "oval:org.mitre.oval:def:9863", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/Advisories:rPSA-2008-0218", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "30927", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30927", }, { name: "20080708 rPSA-2008-0218-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/494104/100/0/threaded", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31181", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-2376", datePublished: "2008-07-09T00:00:00", dateReserved: "2008-05-21T00:00:00", dateUpdated: "2024-08-07T08:58:02.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-8080
Vulnerability from cvelistv5
Published
2014-11-03 16:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:10:50.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "61607", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61607", }, { name: "openSUSE-SU-2014:1589", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0443.html", }, { name: "RHSA-2014:1912", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "DSA-3159", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3159", }, { name: "62050", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62050", }, { name: "APPLE-SA-2015-09-30-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT205267", }, { name: "RHSA-2014:1911", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { name: "70935", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/70935", }, { name: "DSA-3157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { name: "USN-2397-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2397-1", }, { name: "62748", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62748", }, { name: "MDVSA-2015:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { name: "openSUSE-SU-2015:0007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { name: "RHSA-2014:1914", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "openSUSE-SU-2015:0002", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-10-27T00:00:00", descriptions: [ { lang: "en", value: "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-30T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "61607", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61607", }, { name: "openSUSE-SU-2014:1589", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0443.html", }, { name: "RHSA-2014:1912", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "DSA-3159", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3159", }, { name: "62050", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62050", }, { name: "APPLE-SA-2015-09-30-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT205267", }, { name: "RHSA-2014:1911", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { name: "70935", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/70935", }, { name: "DSA-3157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { name: "USN-2397-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2397-1", }, { name: "62748", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62748", }, { name: "MDVSA-2015:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { name: "openSUSE-SU-2015:0007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { name: "RHSA-2014:1914", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "openSUSE-SU-2015:0002", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-8080", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "61607", refsource: "SECUNIA", url: "http://secunia.com/advisories/61607", }, { name: "openSUSE-SU-2014:1589", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { name: "http://advisories.mageia.org/MGASA-2014-0443.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0443.html", }, { name: "RHSA-2014:1912", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { name: "DSA-3159", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3159", }, { name: "62050", refsource: "SECUNIA", url: "http://secunia.com/advisories/62050", }, { name: "APPLE-SA-2015-09-30-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { name: "RHSA-2014:1913", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { name: "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/", }, { name: "https://support.apple.com/HT205267", refsource: "CONFIRM", url: "https://support.apple.com/HT205267", }, { name: "RHSA-2014:1911", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { name: "70935", refsource: "BID", url: "http://www.securityfocus.com/bid/70935", }, { name: "DSA-3157", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3157", }, { name: "USN-2397-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2397-1", }, { name: "62748", refsource: "SECUNIA", url: "http://secunia.com/advisories/62748", }, { name: "MDVSA-2015:129", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { name: "openSUSE-SU-2015:0007", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { name: "RHSA-2014:1914", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { name: "openSUSE-SU-2015:0002", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-8080", datePublished: "2014-11-03T16:00:00", dateReserved: "2014-10-09T00:00:00", dateUpdated: "2024-08-06T13:10:50.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17790
Vulnerability from cvelistv5
Published
2017-12-20 09:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0585 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:0378 | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/ruby/ruby/pull/1777 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:0584 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:0583 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4259 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.807Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/ruby/ruby/pull/1777", }, { name: "RHSA-2018:0584", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-02T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2018:0585", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { name: "RHSA-2018:0378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/ruby/ruby/pull/1777", }, { name: "RHSA-2018:0584", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4259", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17790", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:0585", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { name: "RHSA-2018:0378", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { name: "https://github.com/ruby/ruby/pull/1777", refsource: "CONFIRM", url: "https://github.com/ruby/ruby/pull/1777", }, { name: "RHSA-2018:0584", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "RHSA-2018:0583", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { name: "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { name: "DSA-4259", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4259", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17790", datePublished: "2017-12-20T09:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.807Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31810
Vulnerability from cvelistv5
Published
2021-07-13 00:00
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.684Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1145454", }, { name: "FEDORA-2021-36cdab1f8d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/", }, { name: "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210917-0001/", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:36.810387", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1145454", }, { name: "FEDORA-2021-36cdab1f8d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/", }, { name: "[debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/", }, { url: "https://security.netapp.com/advisory/ntap-20210917-0001/", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31810", datePublished: "2021-07-13T00:00:00", dateReserved: "2021-04-26T00:00:00", dateUpdated: "2024-08-03T23:10:30.684Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3905
Vulnerability from cvelistv5
Published
2008-09-04 17:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:53:00.497Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20080904 Re: CVE Request (ruby -- DNS spoofing vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/04/9", }, { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31430", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "31699", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31699", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32219", }, { name: "32948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32948", }, { name: "oval:org.mitre.oval:def:10034", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32255", }, { name: "ruby-resolv-dns-spoofing(45935)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45935", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "SSA:2008-334-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32256", }, { name: "[oss-security] 20080903 CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/09/03/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-09-03T00:00:00", descriptions: [ { lang: "en", value: "resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-03T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20080904 Re: CVE Request (ruby -- DNS spoofing vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/04/9", }, { name: "31430", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31430", }, { name: "USN-651-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/651-1/", }, { name: "31699", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31699", }, { name: "DSA-1652", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "RHSA-2008:0897", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32219", }, { name: "32948", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32948", }, { name: "oval:org.mitre.oval:def:10034", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034", }, { name: "32255", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32255", }, { name: "ruby-resolv-dns-spoofing(45935)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45935", }, { name: "32371", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32371", }, { name: "32165", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "SSA:2008-334-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754", }, { name: "FEDORA-2008-8738", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "32256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32256", }, { name: "[oss-security] 20080903 CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/09/03/3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3905", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20080904 Re: CVE Request (ruby -- DNS spoofing vulnerability", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/04/9", }, { name: "31430", refsource: "SECUNIA", url: "http://secunia.com/advisories/31430", }, { name: "USN-651-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/651-1/", }, { name: "31699", refsource: "BID", url: "http://www.securityfocus.com/bid/31699", }, { name: "DSA-1652", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1652", }, { name: "FEDORA-2008-8736", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { name: "DSA-1651", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1651", }, { name: "RHSA-2008:0897", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { name: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { name: "32219", refsource: "SECUNIA", url: "http://secunia.com/advisories/32219", }, { name: "32948", refsource: "SECUNIA", url: "http://secunia.com/advisories/32948", }, { name: "oval:org.mitre.oval:def:10034", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034", }, { name: "32255", refsource: "SECUNIA", url: "http://secunia.com/advisories/32255", }, { name: "ruby-resolv-dns-spoofing(45935)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45935", }, { name: "32371", refsource: "SECUNIA", url: "http://secunia.com/advisories/32371", }, { name: "32165", refsource: "SECUNIA", url: "http://secunia.com/advisories/32165", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "ADV-2008-2334", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2334", }, { name: "SSA:2008-334-01", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754", }, { name: "FEDORA-2008-8738", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { name: "32256", refsource: "SECUNIA", url: "http://secunia.com/advisories/32256", }, { name: "[oss-security] 20080903 CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/09/03/3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3905", datePublished: "2008-09-04T17:00:00", dateReserved: "2008-09-04T00:00:00", dateUpdated: "2024-08-07T09:53:00.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-0642
Vulnerability from cvelistv5
Published
2009-02-18 17:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/35937 | third-party-advisory, x_refsource_SECUNIA | |
| http://redmine.ruby-lang.org/issues/show/1091 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48761 | vdb-entry, x_refsource_XF | |
| http://www.redhat.com/support/errata/RHSA-2009-1140.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.ubuntu.com/usn/USN-805-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/33769 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1022505 | vdb-entry, x_refsource_SECTRACK | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450 | vdb-entry, signature, x_refsource_OVAL | |
| http://secunia.com/advisories/35699 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:193 | vendor-advisory, x_refsource_MANDRIVA | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528 | x_refsource_MISC | |
| http://secunia.com/advisories/33750 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:40:05.106Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "35937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35937", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://redmine.ruby-lang.org/issues/show/1091", }, { name: "ruby-ocspbasicverify-spoofing(48761)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48761", }, { name: "RHSA-2009:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "USN-805-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-805-1", }, { name: "33769", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33769", }, { name: "1022505", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1022505", }, { name: "oval:org.mitre.oval:def:11450", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450", }, { name: "35699", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35699", }, { name: "MDVSA-2009:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:193", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", }, { name: "33750", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33750", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-29T00:00:00", descriptions: [ { lang: "en", value: "ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "35937", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35937", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://redmine.ruby-lang.org/issues/show/1091", }, { name: "ruby-ocspbasicverify-spoofing(48761)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48761", }, { name: "RHSA-2009:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "USN-805-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-805-1", }, { name: "33769", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33769", }, { name: "1022505", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1022505", }, { name: "oval:org.mitre.oval:def:11450", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450", }, { name: "35699", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35699", }, { name: "MDVSA-2009:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:193", }, { tags: [ "x_refsource_MISC", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", }, { name: "33750", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33750", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "35937", refsource: "SECUNIA", url: "http://secunia.com/advisories/35937", }, { name: "http://redmine.ruby-lang.org/issues/show/1091", refsource: "CONFIRM", url: "http://redmine.ruby-lang.org/issues/show/1091", }, { name: "ruby-ocspbasicverify-spoofing(48761)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48761", }, { name: "RHSA-2009:1140", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { name: "USN-805-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-805-1", }, { name: "33769", refsource: "BID", url: "http://www.securityfocus.com/bid/33769", }, { name: "1022505", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022505", }, { name: "oval:org.mitre.oval:def:11450", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450", }, { name: "35699", refsource: "SECUNIA", url: "http://secunia.com/advisories/35699", }, { name: "MDVSA-2009:193", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:193", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", refsource: "MISC", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", }, { name: "33750", refsource: "SECUNIA", url: "http://secunia.com/advisories/33750", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0642", datePublished: "2009-02-18T17:00:00", dateReserved: "2009-02-18T00:00:00", dateUpdated: "2024-08-07T04:40:05.106Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26142
Vulnerability from cvelistv5
Published
2024-02-27 15:25
Modified
2025-02-13 17:41
Severity ?
EPSS score ?
Summary
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:59:32.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", }, { name: "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", }, { name: "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", }, { name: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240503-0003/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:rails:rails:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "rails", vendor: "rails", versions: [ { lessThanOrEqual: "7.1.3.1", status: "affected", version: "7.1.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26142", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-28T20:01:00.813235Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-28T15:55:41.386Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "rails", vendor: "rails", versions: [ { status: "affected", version: ">= 7.1.0, < 7.1.3.1", }, ], }, ], descriptions: [ { lang: "en", value: "Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333: Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T13:06:03.897Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", }, { name: "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", tags: [ "x_refsource_MISC", ], url: "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", }, { name: "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", tags: [ "x_refsource_MISC", ], url: "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", }, { name: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", tags: [ "x_refsource_MISC", ], url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", }, { url: "https://security.netapp.com/advisory/ntap-20240503-0003/", }, ], source: { advisory: "GHSA-jjhx-jhvp-74wq", discovery: "UNKNOWN", }, title: "Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-26142", datePublished: "2024-02-27T15:25:44.103Z", dateReserved: "2024-02-14T17:40:03.688Z", dateUpdated: "2025-02-13T17:41:05.743Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0175
Vulnerability from cvelistv5
Published
2013-04-25 23:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/sferik/multi_xml/pull/34 | x_refsource_CONFIRM | |
| https://gist.github.com/nate/d7f6d9f4925f413621aa | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/01/11/9 | mailing-list, x_refsource_MLIST | |
| https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0 | x_refsource_CONFIRM | |
| https://news.ycombinator.com/item?id=5040457 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.043Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/sferik/multi_xml/pull/34", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gist.github.com/nate/d7f6d9f4925f413621aa", }, { name: "[oss-security] 20130111 Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/01/11/9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://news.ycombinator.com/item?id=5040457", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-04-25T23:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/sferik/multi_xml/pull/34", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gist.github.com/nate/d7f6d9f4925f413621aa", }, { name: "[oss-security] 20130111 Re: CVE request for multi_xml ruby gem (has same problem as CVE-2013-0156)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/01/11/9", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0", }, { tags: [ "x_refsource_MISC", ], url: "https://news.ycombinator.com/item?id=5040457", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0175", datePublished: "2013-04-25T23:00:00Z", dateReserved: "2012-12-06T00:00:00Z", dateUpdated: "2024-08-06T14:18:09.043Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16201
Vulnerability from cvelistv5
Published
2019-11-26 00:00
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:10:41.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/661722", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-30T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/661722", }, { url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { name: "20191217 [SECURITY] [DSA 4587-1] ruby2.3 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { name: "20191217 [SECURITY] [DSA 4586-1] ruby2.5 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { name: "DSA-4587", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "GLSA-202003-06", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202003-06", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { name: "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16201", datePublished: "2019-11-26T00:00:00", dateReserved: "2019-09-10T00:00:00", dateUpdated: "2024-08-05T01:10:41.604Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2664
Vulnerability from cvelistv5
Published
2008-06-24 19:00
Modified
2024-08-07 09:05
Severity ?
EPSS score ?
Summary
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:05:30.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30875", }, { name: "ruby-rbstrformat-code-execution(43348)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30831", }, { name: "oval:org.mitre.oval:def:9646", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31181", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-21T00:00:00", descriptions: [ { lang: "en", value: "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SR:2008:017", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT2163", }, { name: "31090", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31090", }, { tags: [ "x_refsource_MISC", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30875", }, { name: "ruby-rbstrformat-code-execution(43348)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348", }, { name: "ADV-2008-1981", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31687", }, { name: "30894", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30894", }, { name: "31062", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31062", }, { name: "31256", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", tags: [ "vendor-advisory", "x_refsource_SLACKWARE", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020347", }, { tags: [ "x_refsource_MISC", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "FEDORA-2008-5649", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30802", }, { name: "30831", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30831", }, { name: "oval:org.mitre.oval:def:9646", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646", }, { name: "RHSA-2008:0561", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33178", }, { name: "29903", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29903", }, { tags: [ "x_refsource_MISC", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.ruby-forum.com/topic/157034", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31181", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-2664", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SR:2008:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { name: "http://support.apple.com/kb/HT2163", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT2163", }, { name: "31090", refsource: "SECUNIA", url: "http://secunia.com/advisories/31090", }, { name: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", refsource: "MISC", url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { name: "MDVSA-2008:141", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { name: "30875", refsource: "SECUNIA", url: "http://secunia.com/advisories/30875", }, { name: "ruby-rbstrformat-code-execution(43348)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348", }, { name: "ADV-2008-1981", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { name: "ADV-2008-1907", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { name: "DSA-1618", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1618", }, { name: "31687", refsource: "SECUNIA", url: "http://secunia.com/advisories/31687", }, { name: "30894", refsource: "SECUNIA", url: "http://secunia.com/advisories/30894", }, { name: "31062", refsource: "SECUNIA", url: "http://secunia.com/advisories/31062", }, { name: "31256", refsource: "SECUNIA", url: "http://secunia.com/advisories/31256", }, { name: "20080626 rPSA-2008-0206-1 ruby", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { name: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", refsource: "MISC", url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { name: "SSA:2008-179-01", refsource: "SLACKWARE", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { name: "APPLE-SA-2008-06-30", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { name: "1020347", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020347", }, { name: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", refsource: "MISC", url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { name: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", refsource: "CONFIRM", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { name: "FEDORA-2008-5649", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { name: "MDVSA-2008:140", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { name: "30802", refsource: "SECUNIA", url: "http://secunia.com/advisories/30802", }, { name: "30831", refsource: "SECUNIA", url: "http://secunia.com/advisories/30831", }, { name: "oval:org.mitre.oval:def:9646", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646", }, { name: "RHSA-2008:0561", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { name: "https://issues.rpath.com/browse/RPL-2626", refsource: "CONFIRM", url: "https://issues.rpath.com/browse/RPL-2626", }, { name: "DSA-1612", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1612", }, { name: "GLSA-200812-17", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { name: "33178", refsource: "SECUNIA", url: "http://secunia.com/advisories/33178", }, { name: "29903", refsource: "BID", url: "http://www.securityfocus.com/bid/29903", }, { name: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", refsource: "MISC", url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { name: "30867", refsource: "SECUNIA", url: "http://secunia.com/advisories/30867", }, { name: "MDVSA-2008:142", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { name: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", refsource: "CONFIRM", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { name: "http://www.ruby-forum.com/topic/157034", refsource: "MISC", url: "http://www.ruby-forum.com/topic/157034", }, { name: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", refsource: "MISC", url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { name: "USN-621-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-621-1", }, { name: "31181", refsource: "SECUNIA", url: "http://secunia.com/advisories/31181", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-2664", datePublished: "2008-06-24T19:00:00", dateReserved: "2008-06-10T00:00:00", dateUpdated: "2024-08-07T09:05:30.423Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-2119
Vulnerability from cvelistv5
Published
2014-01-02 21:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=892813 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1136.html | vendor-advisory, x_refsource_REDHAT | |
| http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | x_refsource_CONFIRM | |
| http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:27:40.872Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, { name: "RHSA-2013:1136", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-05-29T00:00:00", descriptions: [ { lang: "en", value: "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-02T20:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, { name: "RHSA-2013:1136", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-2119", datePublished: "2014-01-02T21:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:27:40.872Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8777
Vulnerability from cvelistv5
Published
2018-04-03 22:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:26.039Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/", }, { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3685-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "103683", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103683", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "RHSA-2020:0542", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { name: "RHSA-2020:0591", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { name: "RHSA-2020:0663", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0663", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-28T00:00:00", descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-03T18:06:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/", }, { name: "USN-3685-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3685-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "103683", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103683", }, { name: "RHSA-2018:3729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "1042004", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "RHSA-2020:0542", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { name: "RHSA-2020:0591", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { name: "RHSA-2020:0663", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0663", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8777", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/", }, { name: "USN-3685-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3685-1/", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { name: "103683", refsource: "BID", url: "http://www.securityfocus.com/bid/103683", }, { name: "RHSA-2018:3729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { name: "1042004", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042004", }, { name: "RHSA-2018:3730", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { name: "RHSA-2018:3731", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { name: "DSA-4259", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4259", }, { name: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", refsource: "CONFIRM", url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { name: "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { name: "openSUSE-SU-2019:1771", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { name: "RHSA-2019:2028", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { name: "RHSA-2020:0542", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { name: "RHSA-2020:0591", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { name: "RHSA-2020:0663", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0663", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8777", datePublished: "2018-04-03T22:00:00", dateReserved: "2018-03-19T00:00:00", dateUpdated: "2024-08-05T07:02:26.039Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4481
Vulnerability from cvelistv5
Published
2013-05-02 14:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0612.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2012/10/05/4 | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 | vendor-advisory, x_refsource_MANDRIVA | |
| http://rhn.redhat.com/errata/RHSA-2013-0129.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=863484 | x_refsource_CONFIRM | |
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:35:09.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { name: "[oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/10/05/4", }, { name: "MDVSA-2013:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "RHSA-2013:0129", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=863484", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-05T00:00:00", descriptions: [ { lang: "en", value: "The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-02-06T14:57:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { name: "[oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/10/05/4", }, { name: "MDVSA-2013:124", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { name: "RHSA-2013:0129", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=863484", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4481", datePublished: "2013-05-02T14:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:35:09.842Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-03-31 04:15
Modified
2024-11-21 07:55
Severity ?
Summary
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | time | 0.1.0 | |
| ruby-lang | time | 0.2.1 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "6AFF74E1-5365-4D53-9D5A-B61F9DF2BA6C", versionEndIncluding: "2.7.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:time:0.1.0:*:*:*:*:ruby:*:*", matchCriteriaId: "209A0CC6-4BC5-4794-B71A-3C7AC6C5AF91", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:time:0.2.1:*:*:*:*:ruby:*:*", matchCriteriaId: "AE1F88CA-F758-4984-B132-7C0E944D92D8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.", }, ], id: "CVE-2023-28756", lastModified: "2024-11-21T07:55:56.653", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-31T04:15:09.090", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/ruby/time/releases/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230526-0004/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/downloads/releases/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/ruby/time/releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230526-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/downloads/releases/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-03 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mark_burns | ldoce | 0.0.2 | |
| ruby-lang | ruby | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mark_burns:ldoce:0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D811774C-2E7B-4C18-9913-BA5D1616BD00", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.", }, { lang: "es", value: "lib/ldoce/word.rb en el gem ldoce 0.0.2 para Ruby, permite a atacantes remotos ejecutar comandos arbitrarios a través de meta caracteres de consola en (1) un mp3 o URL, o (2) en un nombre de archivo.", }, ], id: "CVE-2013-1911", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-04-03T00:55:02.267", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/91870", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2013/03/31/3", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/58783", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-04/0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/91870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://otiose.dhs.org/advisories/ldoce-0.0.2-cmd-exec.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2013/03/31/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/58783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83163", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-01 05:40
Modified
2025-04-11 00:51
Severity ?
Summary
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | rdoc | * | |
| ruby-lang | rdoc | 4.0.0 | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:rdoc:*:*:*:*:*:ruby:*:*", matchCriteriaId: "C60BA6CA-3872-433E-9CDA-465EFB11F230", versionEndExcluding: "3.12", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:rdoc:4.0.0:preview2:*:*:*:ruby:*:*", matchCriteriaId: "2C0C6748-AE0F-4E21-AA18-59583D5123AB", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.", }, { lang: "es", value: "darkfish.js de RDoc v2.3.0 hasta v3.12 y v4.x antes de v4.0.0.preview2.1, tal como se utiliza en Ruby, no se generó correctamente los documentos, que permite a atacantes remotos realizar ejecución de secuencias de comandos en sitios cruzados (XSS) a través de una URL manipulada.", }, ], evaluatorImpact: "Per http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/\r\nAffected versions\r\nAll ruby 1.9 versions prior to ruby 1.9.3 patchlevel 383\r\nAll ruby 2.0 versions prior to ruby 2.0.0 rc2 or prior to trunk revision 39102\r\n", id: "CVE-2013-0256", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-03-01T05:40:17.583", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0548.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0686.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0701.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0728.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/52774", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-1733-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=907820", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0548.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0686.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0701.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0728.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/52774", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-1733-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=907820", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 18:15
Modified
2024-11-21 04:30
Severity ?
Summary
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A2C45233-D18A-47C8-8D49-BB05ADD50D88", versionEndIncluding: "2.4.7", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "6E259007-36E1-418F-8493-A5A7928129F6", versionEndIncluding: "2.5.6", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "E746C3E0-0162-4487-AB58-2579B2BE1FD4", versionEndIncluding: "2.6.4", versionStartIncluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.", }, { lang: "es", value: "La función WEBrick::HTTPAuth::DigestAuth en Ruby versiones hasta la versión 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, tiene una expresión regular de denegación de servicio causada mediante looping/backtracking. Una víctima debe exponer un servidor WEBrick que usa DigestAuth en Internet o una red no segura.", }, ], id: "CVE-2019-16201", lastModified: "2024-11-21T04:30:15.713", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T18:15:15.100", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/661722", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202003-06", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/661722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-04-18 22:05
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A27D6CAC-0E72-4C5A-9712-0DDD726EB3F0", versionEndIncluding: "1.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "C80BDE13-9CBB-4A5F-9BF4-BEB907CED271", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.", }, { lang: "es", value: "Una vulnerabilidad de salto de directorio en WEBrick en Ruby versión 1.8.4 y anteriores, versión 1.8.5 anterior a 1.8.5-p231, versión 1.8.6 anterior a 1.8.6-p230, versión 1.8.7 anterior a 1.8.7-p22, y versión 1.9.0 anterior a 1.9.0-2, cuando se utilizan sistemas de archivos NTFS o FAT, permite a los atacantes remotos leer archivos CGI arbitrarios por medio de un trailing (1) + (más), (2) %2b (más codificado), (3) . (punto), (4) %2e (punto codificado) o (5) %20 (espacio codificado) en el URI, posiblemente relacionado con la función WEBrick::HTTPServlet::FileHandler y WEBrick::HTTPServer.new y la opción :DocumentRoot.", }, ], id: "CVE-2008-1891", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-04-18T22:05:00.000", references: [ { source: "cve@mitre.org", url: "http://aluigi.altervista.org/adv/webrickcgi-adv.txt", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29794", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30831", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31687", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "cve@mitre.org", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1245/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41824", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://aluigi.altervista.org/adv/webrickcgi-adv.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1245/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1891\n\nThe risks associated with fixing this flaw outweigh the benefits of the fix. Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux.", lastModified: "2009-06-10T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-19 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.ruby-lang.org/issues/13742 | Issue Tracking, Patch, Vendor Advisory | |
| cve@mitre.org | https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.ruby-lang.org/issues/13742 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344 | Issue Tracking, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "946D2AB0-D334-4D94-BDA2-733BFC6C9E1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism.", }, { lang: "es", value: "La función parser_yyerror en el analizador UTF-8 de Ruby versión 2.4.1, permite a los atacantes causar una denegación de servicio (lectura o escritura no válidas) o posiblemente tener otro impacto no especificado por medio de un script Ruby creado, relacionado con la función parser_tokadd_utf8 en parse.y. NOTA: esto podría tener relevancia para la seguridad como una omisión de un mecanismo de protección $SAFE.", }, ], id: "CVE-2017-11465", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-19T21:29:00.243", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/13742", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/13742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/59344", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-01 19:15
Modified
2024-11-21 06:06
Severity ?
Summary
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "45D6E5FE-D60E-41D3-9FCA-00F8218377EA", versionEndIncluding: "2.6.7", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D29D5386-D306-4CB4-82EC-678319F0101D", versionEndIncluding: "2.7.3", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "528E25B8-22A4-4AAF-9582-76BCDF3705B5", versionEndIncluding: "3.0.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "D1298AA2-0103-4457-B260-F976B78468E7", versionEndExcluding: "9.2.6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"", }, { lang: "es", value: "Se ha detectado un problema en Ruby versiones hasta 2.6.7, versiones 2.7.x hasta 2.7.3, y versiones 3.x hasta 3.0.1. Net::IMAP no lanza una excepción cuando StartTLS falla con una respuesta desconocida, lo que podría permitir a atacantes tipo man-in-the-middle omitir las protecciones TLS, al aprovechar una posición de red entre el cliente y el registro para bloquear el comando StartTLS, también se conoce como \"StartTLS stripping attack\"", }, ], id: "CVE-2021-32066", lastModified: "2024-11-21T06:06:47.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-01T19:15:07.697", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1178562", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1178562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p160:*:*:*:*:*:*", matchCriteriaId: "F81AB75D-9B8D-4880-A1FE-3DB24875BD1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p173:*:*:*:*:*:*", matchCriteriaId: "8B8B0853-F277-4EF2-A3A2-FC88891AA175", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p174:*:*:*:*:*:*", matchCriteriaId: "470F9991-8033-49A2-B996-4D3595C221F4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:*", matchCriteriaId: "9672DC94-7550-40C1-8FF3-5BD2DC1FA3B6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p249:*:*:*:*:*:*", matchCriteriaId: "CDE72BB9-07AB-446A-81BE-85AF243BF3A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p299:*:*:*:*:*:*", matchCriteriaId: "55D77438-86CE-4256-8285-EB9CE372D0AD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p301:*:*:*:*:*:*", matchCriteriaId: "404E191A-E394-4774-B1FB-2A7BB1558F0B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p302:*:*:*:*:*:*", matchCriteriaId: "C1232504-801A-4EDD-A967-D22469181551", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p330:*:*:*:*:*:*", matchCriteriaId: "51F327AA-0F3A-4F81-AD6A-4CF36055D034", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p334:*:*:*:*:*:*", matchCriteriaId: "40E2C5E5-CB07-4CFE-A539-C199D76174F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p352:*:*:*:*:*:*", matchCriteriaId: "C5A64D8C-C117-4315-A2A3-2786D20BDE07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p357:*:*:*:*:*:*", matchCriteriaId: "AFD81C81-4DE3-48F1-93F1-C6817F32AFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p358:*:*:*:*:*:*", matchCriteriaId: "57813DB6-4CD3-4D6D-8028-65B71A34AC31", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p370:*:*:*:*:*:*", matchCriteriaId: "2FAA3BCC-496A-4D6D-8743-8022B202754D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*", matchCriteriaId: "17AA24B4-30C7-4D46-A55C-A5CC7C446436", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.", }, { lang: "es", value: "Ruby v1.8.7 antes de patchlevel 371, v1.9.3 antes patchlevel 286 y v2.0 antes de la revisión r37068 permite a atacantes dependientes de contexto evitar las restricciones de seguridad de nivel y modificar cadenas untainted a través de la función de la API name_err_mesg_to_str, que marca la cadena como contaminada, una diferente vulnerabilidad a CVE-2011-1005.", }, ], id: "CVE-2012-4466", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-04-25T23:55:01.340", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=862614", }, { source: "secalert@redhat.com", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=862614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-14 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "46086C6A-9068-4959-BEE7-4D76BDEA3962", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "31160797-6920-4BA1-B355-1CCD1FCDBFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*", matchCriteriaId: "BC306E85-66D8-4384-BBC3-92DC99C85FC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "A5675C37-39EF-41EF-9A53-3FCE4CF23820", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*", matchCriteriaId: "39609530-0A81-481E-BDA4-5A98327EAD11", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*", matchCriteriaId: "C19ADE91-4D9E-43ED-A605-E504B9090119", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*", matchCriteriaId: "D89E3027-C2ED-4CC6-86F5-1B791576B6EF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "46F29ADA-E6DC-456F-9E63-C56C68EF7E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*", matchCriteriaId: "57B1C113-682E-4F7D-BCF0-E30C446C4AC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*", matchCriteriaId: "4BAF9471-B532-4194-AB3C-5AA28432FF27", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*", matchCriteriaId: "51BE9728-A5FE-486A-8DB9-711E46243132", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "7AC1B910-C0FA-4943-92B1-597842E84015", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*", matchCriteriaId: "A78ECCA9-6F07-4A63-8BF7-8D40F2439552", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*", matchCriteriaId: "14513719-4ED8-4EAB-B4D8-29849B868BA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*", matchCriteriaId: "92E3814D-BEEA-4E46-9CED-9D8059727D14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "C80BDE13-9CBB-4A5F-9BF4-BEB907CED271", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*", matchCriteriaId: "CA7D3F32-EFB7-4628-9328-36C6A306B399", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*", matchCriteriaId: "D1A95E9F-AEC5-4AF9-B7D9-52DDDECB7E77", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p114:*:*:*:*:*:*", matchCriteriaId: "8C72828E-B572-470B-ACA6-55C34DBAA017", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*", matchCriteriaId: "9328DE73-420B-4280-85A4-ABEFC4679676", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*", matchCriteriaId: "0F382FBD-6163-4A5B-AEB3-A15A843329F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*", matchCriteriaId: "4399121F-9BC7-4A67-8B0B-ED3B94A16D56", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p231:*:*:*:*:*:*", matchCriteriaId: "736348AD-4717-477B-BE8C-A0CAB37F3461", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*", matchCriteriaId: "BFE61EB9-2544-4E48-B313-63A99F4F5241", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p52:*:*:*:*:*:*", matchCriteriaId: "9FA7A250-A388-4749-ABC0-06B02DBC3915", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*", matchCriteriaId: "6122187F-2371-429A-971B-419B4ACE8E18", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*", matchCriteriaId: "8A42425D-FF21-4863-B43D-EE100DBE6BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*", matchCriteriaId: "06512108-020D-4D71-8F60-6AA2052D7D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*", matchCriteriaId: "E2E152A5-F625-4061-AD8C-4CFA085B674F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*", matchCriteriaId: "756F5247-658C-412C-ACBF-CBE987DF748A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*", matchCriteriaId: "DF02372D-FD0B-453F-821E-1E0BA7900711", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*", matchCriteriaId: "0A6ED369-E564-4D4F-9E23-A8125194EAD0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*", matchCriteriaId: "ACC0DB90-C072-4BCB-9082-94394F547D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*", matchCriteriaId: "4D7ED62B-4D88-46A4-A0A3-BD37E66A5211", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*", matchCriteriaId: "072A0C3C-9F47-4DC7-96EA-7980B45429DD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*", matchCriteriaId: "FB0372E4-FE3E-49CD-AF55-E2E4518D34F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*", matchCriteriaId: "04579340-B53F-47B5-99C9-B647AAA3D303", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*", matchCriteriaId: "9D7F4162-108A-470B-8E6B-C009E8C56AEF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*", matchCriteriaId: "73AB0545-3D8D-4623-8381-D71DA44E3B5D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*", matchCriteriaId: "D906EA97-7071-4CFA-84EF-EC82D813D7AE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.", }, { lang: "es", value: "El motor de expresiones regulares (regex.c) en Ruby 1.8.5 y anteriores, 1.8.6 a través de p286-1.8.6, 1.8.7 a través de 1.8.7-p71, y 1.9 a través de r18423 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y caida) a través de múltiples peticiones largas a un socket de Ruby. Esta denegación de servicio esta relacionada con un fallo en la asignación de memoria, como se ha demostrado contra Webrick.", }, ], id: "CVE-2008-3443", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-14T23:41:00.000", references: [ { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31430", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32165", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32219", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32371", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32372", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33185", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33398", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35074", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/4158", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3549", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2009/dsa-1695", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30682", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1021075", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/651-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/691-1/", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/6239", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4158", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2009/dsa-1695", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/651-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/691-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/6239", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 03:15
Modified
2024-11-21 01:30
Severity ?
Summary
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2011-3624 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://redmine.ruby-lang.org/issues/5418 | ||
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2011-3624 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2011-3624 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://redmine.ruby-lang.org/issues/5418 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-3624 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.", }, { lang: "es", value: "Varios métodos en WEBrick::HTTPRequest en Ruby versiones 1.9.2 y versiones 1.8.7 y anteriores, no comprueban los encabezados X-Fordered-For, X-Fordered-Host y X-Fordered-Server en las peticiones, lo que podría permitir a los atacantes remotos inyectar texto arbitrario en archivos de registro o omitir el análisis de direcciones previsto por medio de un encabezado diseñado.", }, ], id: "CVE-2011-3624", lastModified: "2024-11-21T01:30:52.357", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T03:15:10.910", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2011-3624", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624", }, { source: "secalert@redhat.com", url: "https://redmine.ruby-lang.org/issues/5418", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-3624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2011-3624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://redmine.ruby-lang.org/issues/5418", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-3624", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-12-30 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "CF503FC0-3CC4-48BC-89EF-F7DEBF4E2F85", versionEndIncluding: "1.8.7-p352", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-p299:*:*:*:*:*:*:*", matchCriteriaId: "F3F5F64A-855A-41D1-9F89-EE93D0F44D70", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-p302:*:*:*:*:*:*:*", matchCriteriaId: "27CC5244-6F8F-4D05-8301-7467A44B962F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-p330:*:*:*:*:*:*:*", matchCriteriaId: "D17613F3-63F8-4809-84D1-7CAC943C7B1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-p334:*:*:*:*:*:*:*", matchCriteriaId: "264C1C64-B631-4C63-9A0A-10C5E3F5D1BB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", }, { lang: "es", value: "Ruby (también conocido como CRuby) anterior a v1.8.7-P357 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash predecible, que permite a atacantes dependientes de contexto para causar una denegación de servicio (consumo de CPU) a través de entrada diseñado para una aplicación que mantiene un hash mesa.", }, ], id: "CVE-2011-4815", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-12-30T01:55:01.437", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html", }, { source: "cve@mitre.org", url: "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606", }, { source: "cve@mitre.org", url: "http://jvn.jp/en/jp/JVN90615481/index.html", }, { source: "cve@mitre.org", url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2012-0069.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/47405", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/47822", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT5281", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/903934", }, { source: "cve@mitre.org", url: "http://www.nruns.com/_downloads/advisory28122011.pdf", }, { source: "cve@mitre.org", url: "http://www.ocert.org/advisories/ocert-2011-003.html", }, { source: "cve@mitre.org", url: "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1026474", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvn.jp/en/jp/JVN90615481/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-0069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/47405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/47822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT5281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/903934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.nruns.com/_downloads/advisory28122011.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ocert.org/advisories/ocert-2011-003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1026474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72020", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-28 21:15
Modified
2024-11-21 04:55
Severity ?
Summary
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| json_project | json | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| opensuse | leap | 15.1 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 10.0 | |
| apple | macos | 11.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:json_project:json:*:*:*:*:*:ruby:*:*", matchCriteriaId: "2C47D2F3-1A47-4530-94A7-70E674AB221C", versionEndIncluding: "2.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "42AE5775-61C8-4B8C-B349-423C0434763A", versionEndIncluding: "2.4.9", versionStartIncluding: "2.4.0", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "8F9FF206-523F-4E17-8BDB-67677576B376", versionEndIncluding: "2.5.7", versionStartIncluding: "2.5.0", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D4FC67C1-28AC-4E34-A89C-33892FF0BEA2", versionEndIncluding: "2.6.5", versionStartIncluding: "2.6.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "96C3F2DF-96A5-40F2-B5C7-E961C2EE4489", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.", }, { lang: "es", value: "La gema JSON versiones hasta 2.2.0 para Ruby, como es usado en Ruby versiones 2.4 hasta 2.4.9, versiones 2.5 hasta 2.5.7 y versiones 2.6 hasta 2.6.5, tiene una Vulnerabilidad de Creación de Objetos No Segura. Esto es bastante similar a CVE-2013-0269, pero no se basa en un comportamiento inapropiado garbage-collection dentro de Ruby. Específicamente, el uso de métodos de análisis JSON puede conllevar a la creación de un objeto malicioso dentro del intérprete, con efectos adversos que dependen de la aplicación.", }, ], id: "CVE-2020-10663", lastModified: "2024-11-21T04:55:47.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-28T21:15:11.667", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211931", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4721", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-03-24 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.1.0 | |
| ruby-lang | ruby | 2.1.1 | |
| ruby-lang | ruby | 2.1.2 | |
| ruby-lang | ruby | 2.1.3 | |
| ruby-lang | ruby | 2.1.4 | |
| ruby-lang | ruby | 2.1.5 | |
| ruby-lang | ruby | 2.1.6 | |
| ruby-lang | ruby | 2.1.7 | |
| ruby-lang | ruby | 2.2.0 | |
| ruby-lang | ruby | 2.2.1 | |
| ruby-lang | ruby | 2.2.2 | |
| ruby-lang | ruby | 2.2.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82", versionEndIncluding: "10.11.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "F7B036EA-235A-41A7-9CEB-3FA9C49FFDA8", versionEndIncluding: "2.0.0-p647", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "85A846FF-DD34-4DD6-BD61-09124C145E97", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8DF046E4-503B-4A10-BEAB-3144BD86EA49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9FCA45F1-3038-413A-B8C3-EE366A4E6248", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "6AE2B154-8126-4A38-BAB6-915207764FC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*", matchCriteriaId: "808FA8BE-71FC-4ADD-BDEA-637E8DF4E899", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "523417A8-F62B-48AF-B60B-CE9A200D4A9A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "FAB1E0F8-F9B0-40E9-892E-C62729525CE5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B8F103B7-0E70-4490-9802-2CD6034E240B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "35D36707-03B7-437C-B21D-A27D5C530117", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FCCD8F3-E667-42F2-9861-14EDFB16583A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "6F3CEF46-C95D-493B-A99B-7C90FDF27B47", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.", }, { lang: "es", value: "La implementación Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, según se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una cadena manipulada, relacionado con el módulo DL y la librería libffi. NOTA: esta vulnerabilidad existe por una regresión de CVE-2009-5147.", }, ], id: "CVE-2015-7551", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-03-24T01:59:03.370", references: [ { source: "secalert@redhat.com", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344", }, { source: "secalert@redhat.com", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551", }, { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/76060", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "secalert@redhat.com", url: "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a", }, { source: "secalert@redhat.com", url: "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html", }, { source: "secalert@redhat.com", url: "https://puppet.com/security/cve/ruby-dec-2015-security-fixes", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT206167", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/76060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/ruby-dec-2015-security-fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT206167", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-15 09:29
Modified
2025-04-20 01:37
Severity ?
Summary
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.5.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.4 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.4 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "B35C3AD5-0AFB-481C-A14C-74FE4E9D4075", versionEndIncluding: "2.2.8", versionStartIncluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "1D4CCCBF-2BC7-4F93-ABD5-E8A979DD6FBC", versionEndIncluding: "2.3.5", versionStartIncluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "175826D2-3602-48AE-A3B9-5764E8FC8834", versionEndIncluding: "2.4.2", versionStartIncluding: "2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*", matchCriteriaId: "1A059BF9-B9CA-4468-ABCD-0B8BD0C67FEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.", }, { lang: "es", value: "Ruby en versiones anteriores a la 2.4.3 permite la inyección de comandos Net::FTP. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile y puttextfile emplean Kernel#open para abrir un archivo local. Si el argumento localfile empieza por el carácter \"|\", el comando que lo siga se ejecutará. El valor por defecto de localfile es File.basename(remotefile), por lo que servidores FTP maliciosos podrían provocar la ejecución de comandos arbitrarios.", }, ], id: "CVE-2017-17405", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-15T09:29:00.203", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102204", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2806", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43381/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2806", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43381/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-30 14:15
Modified
2024-11-21 06:06
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| ruby-lang | rdoc | * | |
| ruby-lang | ruby | * | |
| oracle | jd_edwards_enterpriseone_tools | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:rdoc:*:*:*:*:*:ruby:*:*", matchCriteriaId: "77236966-D428-48E2-AB70-F9B0F6388CD8", versionEndExcluding: "6.3.1", versionStartIncluding: "3.11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "C5F4F2D7-4AC8-4DA7-8905-0105CC8B7174", versionEndIncluding: "3.0.1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "D1298AA2-0103-4457-B260-F976B78468E7", versionEndExcluding: "9.2.6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.", }, { lang: "es", value: "En RDoc versiones 3.11 hasta 6.x versiones anteriores a 6.3.1, como se distribuye con Ruby versiones hasta 3.0.1, es posible ejecutar código arbitrario por medio de | y etiquetas en un nombre de archivo", }, ], id: "CVE-2021-31799", lastModified: "2024-11-21T06:06:14.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-07-30T14:15:16.620", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-31799", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-05", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-31799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.", }, { lang: "es", value: "La función rb_get_path_check en file.c en Ruby v1.9.3 anterior a patchlevel 286 y Ruby v2.0.0 anterior a r37163 permite a atacantes dependientes de contexto crear archivos en ubicaciones inesperadas o con nombres inesperados a través de un byte NUL en una ruta de archivo.", }, ], id: "CVE-2012-4522", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-24T20:55:03.150", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/12/6", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/13/1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/16/1", }, { source: "secalert@redhat.com", url: "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/12/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/16/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-09 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:p385:*:*:*:*:*:*", matchCriteriaId: "AA8C0F8E-4C21-4181-84A5-D17E70D19D9A", versionEndIncluding: "1.9.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.", }, { lang: "es", value: "lib/rexml/text.rb en el analizador REXML en Ruby anterior a 1.9.3-p392, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o caída de la aplicación) a través de nodos de texto manipulados en un documento XML. Aka como ataque XML Entity Expansion (XEE).", }, ], evaluatorImpact: "Per: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/\r\n\r\n\"Affected versions\r\n\r\n All ruby 1.9 versions prior to ruby 1.9.3 patchlevel 392\r\n All ruby 2.0 versions prior to ruby 2.0.0 patchlevel 0\r\n prior to trunk revision 39384\"\r\n", id: "CVE-2013-1821", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-04-09T21:55:01.113", references: [ { source: "secalert@redhat.com", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0611.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1028.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52783", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52902", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2738", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2809", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/03/06/5", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/58141", }, { source: "secalert@redhat.com", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1780-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { source: "secalert@redhat.com", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0611.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1147.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52902", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/03/06/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/58141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1780-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=914716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-19 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.1 | |
| ruby-lang | ruby | 2.3.2 | |
| ruby-lang | ruby | 2.3.3 | |
| ruby-lang | ruby | 2.3.4 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "20D4B423-C141-4B08-9FE4-2ADCB868A224", versionEndIncluding: "2.2.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*", matchCriteriaId: "A2D62AC9-83B8-4C84-A47E-2B06C2816964", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*", matchCriteriaId: "E583E49C-95B1-4AE4-AA7A-6D6BA7D470B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "5F197C5A-2588-417F-A743-E72D1E8EF4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "FBA01BF1-91AD-4968-9AC2-A194FCD6AB76", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "B36CCD91-2A20-4C2E-96D5-73704DFC10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "485C401C-CC3B-4A74-82D6-F4539FFE48B8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F9E99F5A-E693-43E9-8AB3-A3FCB21BCF14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*", matchCriteriaId: "9DDA92E9-C9CF-47B9-B647-0202D493D057", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*", matchCriteriaId: "A682A487-A615-404C-A7D9-A28C0C31B4E7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*", matchCriteriaId: "8930BA64-E9BC-42E0-9D74-8FA2ABD1F692", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*", matchCriteriaId: "A87AE96A-F7FB-41A2-943C-DFAEA6D81446", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "946D2AB0-D334-4D94-BDA2-733BFC6C9E1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.", }, { lang: "es", value: "El código de autenticación Basic en la biblioteca WEBrick en Ruby en versiones anteriores a la 2.2.8, 2.3.x anteriores a la 2.3.5 y 2.4.x hasta la 2.4.1 permite que atacantes remotos inyecten secuencias de escape del emulador del terminal en su registro y que puedan ejecutar comandos arbitrarios mediante un nombre de usuario manipulado.", }, ], id: "CVE-2017-10784", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-19T17:29:00.263", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100853", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201710-18", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3528-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3685-1/", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2017/dsa-4031", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201710-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3528-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3685-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2017/dsa-4031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-16 18:29
Modified
2024-11-21 03:52
Severity ?
Summary
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | openssl | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| ruby-lang | ruby | 2.6.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux | 7.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*", matchCriteriaId: "DDD3EC39-B375-4B68-963F-08418673D321", versionEndExcluding: "2.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4F4CB899-0054-44BB-A3BD-FB225CC663DB", versionEndIncluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A07531E-A788-41ED-8C5D-AAB2F532EA7A", versionEndIncluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "70C32AF6-57D9-4F85-857B-4EFC425D9145", versionEndIncluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*", matchCriteriaId: "49B6EEAA-B52E-42B9-A6C2-D65D7C81A0EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.", }, { lang: "es", value: "Se ha descubierto un problema en la biblioteca OpenSSL en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. Cuando dos objetos OpenSSL::X509::Name se comparan mediante ==, dependiendo del orden, los objetos que no son iguales podrían devolver \"true\". Cuando el primer argumento tiene un carácter más que el segundo, o el segundo argumento contiene un carácter que tiene uno menos que el carácter en la misma posición que el primer argumento, el resultado de == será \"true\". Esto podría aprovecharse para crear un certificado ilegítimo que podría ser aceptado como legítimo y después emplearse en operaciones de firma o cifrado.", }, ], id: "CVE-2018-16395", lastModified: "2024-11-21T03:52:40.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-16T18:29:00.943", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042105", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3738", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1948", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2565", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/387250", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3808-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/387250", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3808-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-09 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D618D4E6-CE8B-496E-A77B-E054B0BAFAB0", versionEndExcluding: "2.6.10", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A4FCE84E-311F-4B95-BF2D-8A165DE3A2C8", versionEndExcluding: "2.7.6", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3BD89956-E0A9-46F1-BA21-48C29B7CF634", versionEndExcluding: "3.0.4", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D78DCF3F-3444-4E43-B278-30E6A905D315", versionEndExcluding: "3.1.2", versionStartIncluding: "3.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "D832A844-E337-4151-83EF-FAEF32377223", versionEndExcluding: "11.7.1", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "0DAECB4D-F46A-4E96-99DE-769E397C77E4", versionEndExcluding: "12.6.1", versionStartIncluding: "12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.", }, { lang: "es", value: "Se presenta una lectura excesiva del búfer en Ruby versiones anteriores a 2.6.10, 2.7.x versiones anteriores a 2.7.6, 3.x versiones anteriores a 3.0.4 y 3.1.x versiones anteriores a 3.1.2. Es producida en la conversión String-to-Float, incluyendo Kernel#Float y String#to_f", }, ], id: "CVE-2022-28739", lastModified: "2024-11-21T06:57:50.467", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-09T18:15:08.540", references: [ { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2022/Oct/29", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2022/Oct/30", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1248108", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-28739", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213493", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213494", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2022/Oct/29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2022/Oct/30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1248108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-28739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-15 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | 2.2.0 | |
| ruby-lang | ruby | 2.2.1 | |
| ruby-lang | ruby | 2.2.2 | |
| ruby-lang | ruby | 2.2.3 | |
| ruby-lang | ruby | 2.2.4 | |
| ruby-lang | ruby | 2.2.5 | |
| ruby-lang | ruby | 2.2.6 | |
| ruby-lang | ruby | 2.2.7 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.1 | |
| ruby-lang | ruby | 2.3.2 | |
| ruby-lang | ruby | 2.3.3 | |
| ruby-lang | ruby | 2.3.4 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B8F103B7-0E70-4490-9802-2CD6034E240B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "35D36707-03B7-437C-B21D-A27D5C530117", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FCCD8F3-E667-42F2-9861-14EDFB16583A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "6F3CEF46-C95D-493B-A99B-7C90FDF27B47", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "1629D696-BD68-4C4F-B6CE-885AD670A12A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "F87B9AD8-CF70-4CA9-A655-838B1D7AD056", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "EB471265-C399-49D4-8CA2-5FC1C85C6F19", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "E8F7FF5E-EBD0-415E-BFA1-6AF1527F1174", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "5F197C5A-2588-417F-A743-E72D1E8EF4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "FBA01BF1-91AD-4968-9AC2-A194FCD6AB76", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "B36CCD91-2A20-4C2E-96D5-73704DFC10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "485C401C-CC3B-4A74-82D6-F4539FFE48B8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F9E99F5A-E693-43E9-8AB3-A3FCB21BCF14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "946D2AB0-D334-4D94-BDA2-733BFC6C9E1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.", }, { lang: "es", value: "Ruby, en versiones anteriores a la 2.4.2, 2.3.5 y 2.2.8, es vulnerable a una cadena de formato maliciosa qe contiene un especificador (*) con un valor grande negativo. Esta situación puede provocar un desbordamiento de búfer, provocando una corrupción de la memoria dinámica (heap) o una fuga de información de dicha memoria dinámica.", }, ], id: "CVE-2017-0898", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-15T19:29:00.190", references: [ { source: "support@hackerone.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100862", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "support@hackerone.com", url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { source: "support@hackerone.com", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "support@hackerone.com", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "support@hackerone.com", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mruby/mruby/issues/3722", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/212241", }, { source: "support@hackerone.com", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "support@hackerone.com", url: "https://security.gentoo.org/glsa/201710-18", }, { source: "support@hackerone.com", url: "https://usn.ubuntu.com/3685-1/", }, { source: "support@hackerone.com", url: "https://www.debian.org/security/2017/dsa-4031", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100862", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/mruby/mruby/issues/3722", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/212241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201710-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3685-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2017/dsa-4031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-134", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-03 22:29
Modified
2024-11-21 04:14
Severity ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 7.4 | |
| redhat | enterprise_linux | 7.5 | |
| redhat | enterprise_linux | 7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "79C0C7FF-8814-4F49-8DFE-8763BE582055", versionEndExcluding: "2.2.10", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "17DC7068-E1B8-4699-BDE0-14305D35D24B", versionEndExcluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "7172D61A-F82C-4EB5-9763-611CFE08A09B", versionEndExcluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A56E97B-C7E3-48AC-AAEF-4FA056276D03", versionEndExcluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", matchCriteriaId: "4EB48767-F095-444F-9E05-D9AC345AB803", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).", }, { lang: "es", value: "En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante puede pasar una petición HTTP larga con una cabecera manipulada al servidor WEBrick o un cuerpo manipulado al servidor/manipulador WEBrick y provocar una denegación de servicio (consumo de memoria).", }, ], id: "CVE-2018-8777", lastModified: "2024-11-21T04:14:17.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-03T22:29:00.710", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103683", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0663", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3685-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103683", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3685-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-06-24 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D65BD5CD-5ECE-4294-B8E6-D0276FE8CC98", versionEndIncluding: "1.8.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3A289D5F-E8F3-4102-BF83-C63114DFE32C", versionEndExcluding: "1.8.5.231", versionStartExcluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "ABA0AC75-6B7E-48BD-891F-3FB312B9BA25", versionEndExcluding: "1.8.6.230", versionStartIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "5EDF7713-E20F-4EED-A323-98902450FD09", versionEndExcluding: "1.8.7.22", versionStartIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9DDF08CB-5F01-49ED-9DDB-ED39C8B0423E", versionEndExcluding: "1.9.0.2", versionStartIncluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", matchCriteriaId: "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", matchCriteriaId: "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.", }, { lang: "es", value: "Múltiples desbordamientos de entero en la función rb_str_buf_append de Ruby 1.8.4 y anteriores, 1.8.5 antes de 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230, 1.8.7 anterior a 1.8.7-p22 y 1.9.0 antes de 1.9.0-2 permite a atacantes dependientes del contexto ejecutar código de su elección o provocar una denegación de servicio mediante vectores desconocidos que disparan una corrupción de memoria, un problema distinto a CVE-2008-2663, CVE-2008-2664 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. Esta descripción CVE debe ser tomada como autorizado, aunque probablemente cambie.", }, ], id: "CVE-2008-2662", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-06-24T19:41:00.000", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-29 21:15
Modified
2024-11-21 02:26
Severity ?
Summary
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | trunk | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| puppet | puppet_agent | 1.0.0 | |
| puppet | puppet_enterprise | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "C5793852-ECE3-465A-B8A5-D506744191E9", versionEndExcluding: "2.1.6", versionStartIncluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4E69BA95-2D84-4E80-9617-3B2F2B02D9E9", versionEndExcluding: "2.2.2", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:-:*:*:*:*:*:*", matchCriteriaId: "45B882EE-85F9-42B0-85F3-0B6A9FF4BA5E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*", matchCriteriaId: "3D627638-64AA-455B-9FEA-093D3773B9FD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*", matchCriteriaId: "46485519-C2FB-4767-B699-9F51FDCF29E5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*", matchCriteriaId: "19CF27FB-DCF5-4533-B309-55615AE21A63", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*", matchCriteriaId: "B9865DD1-F2AF-40B6-848A-EA9FD37034DD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*", matchCriteriaId: "C10BD21E-B9FA-4B57-B617-0108A00D6132", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*", matchCriteriaId: "3D5ABD47-64AC-4844-B78B-F0D3BC3B8F49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*", matchCriteriaId: "4EF7FDAD-9CAF-452D-B229-EF7C390DE712", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:trunk:*:*:*:*:*:*:*:*", matchCriteriaId: "4A56FC0D-59AE-48DD-9DD8-3CC0E6DC0F80", versionEndExcluding: "50292", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:puppet:puppet_agent:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DCB7E6DC-B6C3-452B-98F7-09D0CE0879E1", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", matchCriteriaId: "82B0F981-35E1-4C9D-9D16-DDB0CA341FEF", versionEndExcluding: "3.8.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.", }, { lang: "es", value: "La función Verified_certificate_identity en la extensión OpenSSL en Ruby versiones anteriores a 2.0.0 patchlevel 645, versiones 2.1.x anteriores a 2.1.6 y versiones 2.2.x anteriores 2.2.2, no comprueba apropiadamente los nombres de host, lo que permite a atacantes remotos falsificar servidores por medio de vectores relacionados con (1) múltiples wildcards, (1) wildcards en nombres IDNA, (3) sensibilidad a mayúsculas y minúsculas y (4) caracteres no ASCII.", }, ], id: "CVE-2015-1855", lastModified: "2024-11-21T02:26:16.630", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-29T21:15:10.807", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3245", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3246", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3247", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bugs.ruby-lang.org/issues/9644", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://puppetlabs.com/security/cve/cve-2015-1855", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3245", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3247", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.ruby-lang.org/issues/9644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://puppetlabs.com/security/cve/cve-2015-1855", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.talosintelligence.com/reports/TALOS-2016-0029/ | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintelligence.com/reports/TALOS-2016-0029/ | Exploit, Technical Description, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FCCD8F3-E667-42F2-9861-14EDFB16583A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.", }, { lang: "es", value: "Existe un tipo de confusión en dos métodos de la clase WIN32OLE de Ruby, ole_invoke y ole_query_interface. El atacante que pasa un diferente tipo de objeto del que es asumido por los desarrolladores puede provocar la ejecución de código arbitrario.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/843.html\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>", id: "CVE-2016-2336", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-06T21:59:00.447", references: [ { source: "cret@cert.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0029/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0029/", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-06 21:15
Modified
2024-11-21 06:26
Severity ?
Summary
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "BDC4A7B5-ED99-4BA3-A016-89134C733059", versionEndExcluding: "0.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "D4772765-264E-4A9E-80A8-CA0DFFAB3E11", versionEndIncluding: "0.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D4499575-33A0-47D7-A88B-0E6FD2340792", versionEndExcluding: "3.0.3", versionStartIncluding: "3.0.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "74619D97-ACF1-4F91-A7D3-50B893FFAEBF", versionEndIncluding: "0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D7B53365-0B48-4408-A4A7-9A3744F89F07", versionEndExcluding: "2.7.5", versionStartIncluding: "2.7.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.", }, { lang: "es", value: "El archivo CGI.escape_html en Ruby versiones anteriores a 2.7.5 y 3.x versiones anteriores a 3.0.3, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante por medio de una cadena larga en plataformas (como Windows) donde size_t y long tienen diferentes números de bytes. Esto también afecta a CGI gem versiones anteriores a 0.3.1 para Ruby", }, ], id: "CVE-2021-41816", lastModified: "2024-11-21T06:26:48.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-06T21:15:07.887", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1328463", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1328463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-13 01:41
Modified
2025-04-09 00:30
Severity ?
Summary
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.6.8 | |
| ruby-lang | ruby | 1.8.0 | |
| ruby-lang | ruby | 1.8.1 | |
| ruby-lang | ruby | 1.8.1 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9721AB68-8002-4F85-98BC-0E6FDF7CDF6C", versionEndIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "46086C6A-9068-4959-BEE7-4D76BDEA3962", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "31160797-6920-4BA1-B355-1CCD1FCDBFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*", matchCriteriaId: "BC306E85-66D8-4384-BBC3-92DC99C85FC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "A5675C37-39EF-41EF-9A53-3FCE4CF23820", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*", matchCriteriaId: "39609530-0A81-481E-BDA4-5A98327EAD11", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*", matchCriteriaId: "C19ADE91-4D9E-43ED-A605-E504B9090119", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*", matchCriteriaId: "D89E3027-C2ED-4CC6-86F5-1B791576B6EF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "46F29ADA-E6DC-456F-9E63-C56C68EF7E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*", matchCriteriaId: "57B1C113-682E-4F7D-BCF0-E30C446C4AC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*", matchCriteriaId: "4BAF9471-B532-4194-AB3C-5AA28432FF27", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*", matchCriteriaId: "51BE9728-A5FE-486A-8DB9-711E46243132", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "7AC1B910-C0FA-4943-92B1-597842E84015", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*", matchCriteriaId: "A78ECCA9-6F07-4A63-8BF7-8D40F2439552", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*", matchCriteriaId: "14513719-4ED8-4EAB-B4D8-29849B868BA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*", matchCriteriaId: "92E3814D-BEEA-4E46-9CED-9D8059727D14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*", matchCriteriaId: "CA7D3F32-EFB7-4628-9328-36C6A306B399", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*", matchCriteriaId: "D1A95E9F-AEC5-4AF9-B7D9-52DDDECB7E77", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*", matchCriteriaId: "9328DE73-420B-4280-85A4-ABEFC4679676", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*", matchCriteriaId: "0F382FBD-6163-4A5B-AEB3-A15A843329F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*", matchCriteriaId: "4399121F-9BC7-4A67-8B0B-ED3B94A16D56", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*", matchCriteriaId: "BFE61EB9-2544-4E48-B313-63A99F4F5241", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*", matchCriteriaId: "6122187F-2371-429A-971B-419B4ACE8E18", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*", matchCriteriaId: "8A42425D-FF21-4863-B43D-EE100DBE6BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*", matchCriteriaId: "06512108-020D-4D71-8F60-6AA2052D7D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*", matchCriteriaId: "E2E152A5-F625-4061-AD8C-4CFA085B674F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*", matchCriteriaId: "756F5247-658C-412C-ACBF-CBE987DF748A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*", matchCriteriaId: "DF02372D-FD0B-453F-821E-1E0BA7900711", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*", matchCriteriaId: "ACC0DB90-C072-4BCB-9082-94394F547D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*", matchCriteriaId: "04579340-B53F-47B5-99C9-B647AAA3D303", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*", matchCriteriaId: "9D7F4162-108A-470B-8E6B-C009E8C56AEF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*", matchCriteriaId: "73AB0545-3D8D-4623-8381-D71DA44E3B5D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.", }, { lang: "es", value: "El módulo dl en Ruby versiones 1.8.5 y anteriores, versiones 1.8.6 hasta 1.8.6-p286, versiones 1.8.7 hasta 1.8.7-p71, y versiones 1.9 a r18423 no comprueba la \"taintness\" de entradas, lo que permite a los atacantes dependiendo del contexto omitir los niveles seguros y ejecutar funciones peligrosas mediante el acceso a una biblioteca usando DL.dlopen.", }, ], id: "CVE-2008-3657", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-13T01:41:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31430", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31697", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32165", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32219", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32255", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32256", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32371", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35074", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3549", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "cve@mitre.org", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "cve@mitre.org", url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/30644", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020652", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/651-1/", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/30644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/651-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-11-14 01:46
Modified
2025-04-09 00:30
Severity ?
Summary
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "C80BDE13-9CBB-4A5F-9BF4-BEB907CED271", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.", }, { lang: "es", value: "Las librerias (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, y (5) Net::smtp en Ruby 1.8.5 y 1.8.6 no verifica el campo commonName (CN) en un servidor que valida certificados el nombre de dominio en una respuesta enviada sobre SSL, lo cual hace más facil a los atacantes remotos interceptar transmisiones SSL a través de un ataque de hombre en el medio o suplantando el sitio web, un componente diferente que el CVE-2007-5162.", }, ], id: "CVE-2007-5770", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-11-14T01:46:00.000", references: [ { source: "secalert@redhat.com", url: "http://docs.info.apple.com/article.html?artnum=307179", }, { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/26985", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27576", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/27673", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/27756", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/27764", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/27769", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/27818", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/28136", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/28645", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/29556", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2007/dsa-1410", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2007/dsa-1411", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2007/dsa-1412", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { source: "secalert@redhat.com", url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/26421", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1018938", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/usn-596-1", }, { source: "secalert@redhat.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2007/4238", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=362081", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://docs.info.apple.com/article.html?artnum=307179", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/26985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/27576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/27673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27756", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/28136", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/28645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29556", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1410", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1411", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1412", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/26421", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1018938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-596-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/4238", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=362081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11025", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-03 22:29
Modified
2024-11-21 04:14
Severity ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "79C0C7FF-8814-4F49-8DFE-8763BE582055", versionEndExcluding: "2.2.10", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "17DC7068-E1B8-4699-BDE0-14305D35D24B", versionEndExcluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "7172D61A-F82C-4EB5-9763-611CFE08A09B", versionEndExcluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A56E97B-C7E3-48AC-AAEF-4FA056276D03", versionEndExcluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.", }, { lang: "es", value: "En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, los métodos UNIXServer.open y UNIXSocket.open no se comprueban en busca de caracteres null. Podría estar relacionado con un socket no planeado.", }, ], id: "CVE-2018-8779", lastModified: "2024-11-21T04:14:17.757", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-03T22:29:00.850", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103767", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103767", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-01 06:15
Modified
2024-11-21 06:26
Severity ?
Summary
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | cgi | 0.1.0 | |
| ruby-lang | cgi | 0.2.0 | |
| ruby-lang | cgi | 0.3.0 | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| redhat | software_collections | - | |
| redhat | enterprise_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| suse | linux_enterprise | 11.0 | |
| suse | linux_enterprise | 12.0 | |
| suse | linux_enterprise | 15.0 | |
| opensuse | factory | - | |
| opensuse | leap | 15.2 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:0.1.0:*:*:*:*:ruby:*:*", matchCriteriaId: "2DEC113F-FF5D-48DC-896B-E1C8A2C76C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:0.2.0:*:*:*:*:ruby:*:*", matchCriteriaId: "59B7F28D-757D-429F-88B5-7A8DAFB9BB4C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:0.3.0:*:*:*:*:ruby:*:*", matchCriteriaId: "C8CB09D2-66DD-4E05-B9FC-F1C632C6942F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "64AC442C-39CB-477C-9356-F36AF6762E53", versionEndIncluding: "2.6.8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D7B53365-0B48-4408-A4A7-9A3744F89F07", versionEndExcluding: "2.7.5", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D4499575-33A0-47D7-A88B-0E6FD2340792", versionEndExcluding: "3.0.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", matchCriteriaId: "749804DA-4B27-492A-9ABA-6BB562A6B3AC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", matchCriteriaId: "4500161F-13A0-4369-B93A-778B34E7F005", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CBC8B78D-1131-4F21-919D-8AC79A410FB9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*", matchCriteriaId: "1607628F-77A7-4C1F-98DF-0DC50AE8627D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.", }, { lang: "es", value: "CGI::Cookie.parse en Ruby versiones hasta 2.6.8, maneja inapropiadamente los prefijos de seguridad en los nombres de las cookies. Esto también afecta a CGI gem versiones hasta 0.3.0 para Ruby.", }, ], id: "CVE-2021-41819", lastModified: "2024-11-21T06:26:48.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-01T06:15:07.293", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/910552", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/910552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-565", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-08-05 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7-160 | |
| ruby-lang | ruby | 1.8.7-173 | |
| ruby-lang | ruby | 1.8.7-248 | |
| ruby-lang | ruby | 1.8.7-249 | |
| ruby-lang | ruby | 1.8.7-299 | |
| ruby-lang | ruby | 1.8.7-302 | |
| ruby-lang | ruby | 1.8.7-330 | |
| ruby-lang | ruby | 1.8.7-p21 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "2C145137-6CD4-4E6D-B17E-F21F88E272BF", versionEndIncluding: "1.8.7-334", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*", matchCriteriaId: "17AA24B4-30C7-4D46-A55C-A5CC7C446436", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-160:*:*:*:*:*:*:*", matchCriteriaId: "DD10E326-6907-47DB-B2F1-D09EF2E7EBD8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-173:*:*:*:*:*:*:*", matchCriteriaId: "55A7F5F2-3F5D-441B-9756-8540BDCB3356", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-248:*:*:*:*:*:*:*", matchCriteriaId: "4FE44E5F-8ECA-4325-9454-12682D84F430", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-249:*:*:*:*:*:*:*", matchCriteriaId: "81D68A0E-2809-4A02-BEEA-B37719AC23DC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-299:*:*:*:*:*:*:*", matchCriteriaId: "324BD6C5-27BE-4678-846D-90433FD6AD0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-302:*:*:*:*:*:*:*", matchCriteriaId: "6AA691FE-2BBF-4407-A52B-8CCAA07E0BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*", matchCriteriaId: "3684A343-ABD7-4B80-993C-1F3CC0F983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-p21:*:*:*:*:*:*:*", matchCriteriaId: "D1797BB1-935E-45F0-A803-A985E5659236", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.", }, { lang: "es", value: "Ruby en versiones anteriores a la 1.8.7-p352 no resetea la semilla aleatoria después de la creacción de procesos (\"forking\"), lo que facilita a atacantes dependientes del contexto predecir los valores de números aleatorios basándose en el conocimiento de números de secuencia obtenidos de procesos hijo diferentes. Vulnerabilidad relacionada con la CVE-2003-0900. NOTA: este problema existe debido a una regresión durante el desarrollo de Ruby 1.8.6.", }, ], id: "CVE-2011-2686", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-08-05T21:55:04.467", references: [ { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, { source: "secalert@redhat.com", url: "http://redmine.ruby-lang.org/issues/show/4338", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/49015", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://redmine.ruby-lang.org/issues/show/4338", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/49015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69032", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| erik_michaels-ober | multi_xml | 0.5.2 | |
| ruby-lang | ruby | * | |
| erik_michaels-ober | multi_xml | 0.5.2 | |
| grape_project | grape | 0.1.0 | |
| grape_project | grape | 0.1.1 | |
| grape_project | grape | 0.1.2 | |
| grape_project | grape | 0.1.3 | |
| grape_project | grape | 0.1.4 | |
| grape_project | grape | 0.1.5 | |
| grape_project | grape | 0.2.0 | |
| grape_project | grape | 0.2.1 | |
| grape_project | grape | 0.2.2 | |
| grape_project | grape | 0.2.3 | |
| grape_project | grape | 0.2.4 | |
| grape_project | grape | 0.2.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:erik_michaels-ober:multi_xml:0.5.2:*:*:*:*:*:*:*", matchCriteriaId: "28BB74BA-387E-4EDC-89BD-C83A5F7E8757", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:erik_michaels-ober:multi_xml:0.5.2:*:*:*:*:*:*:*", matchCriteriaId: "28BB74BA-387E-4EDC-89BD-C83A5F7E8757", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1E127DAB-366C-4EF8-BA31-75710F6C3EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A2232040-600B-4700-A003-4938A69472AF", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.1.2:*:*:*:*:*:*:*", matchCriteriaId: "0D32EC21-9ED8-4AB9-A863-377B3FC65524", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.1.3:*:*:*:*:*:*:*", matchCriteriaId: "911EEC0A-A036-4612-ADA0-F37A60391731", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.1.4:*:*:*:*:*:*:*", matchCriteriaId: "AE5ED3F1-5108-41CE-9136-76C637D1515E", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.1.5:*:*:*:*:*:*:*", matchCriteriaId: "A782D309-3921-41A9-B651-7140DAA3B8F8", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B936CD4A-AC45-44B0-A583-7F2EC00AEC0A", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "A3F9EBC0-F68A-403D-9EE8-E3B028B6AD08", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "FB8D75D8-3E36-4416-B340-BF106E851AA9", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "13955945-3FBD-4A5E-8412-B0FAE846ABAC", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.2.4:*:*:*:*:*:*:*", matchCriteriaId: "332884DB-6D64-42F2-B377-1AEB7FF62DF2", vulnerable: true, }, { criteria: "cpe:2.3:a:grape_project:grape:0.2.5:*:*:*:*:*:*:*", matchCriteriaId: "D8BE3F96-6394-45ED-A606-516A76A213F6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.", }, { lang: "es", value: "multi_xml v0.5.2 de Ruby, tal como se utiliza en Grape antes de v0.2.6 y posiblemente otros productos, no restringe debidamente vaciados de valores de cadena, lo que permite a atacantes remotos realizar ataques de inyección a objetos y ejecutar código arbitrario o causar una denegación de servicio (consumo de memoria y CPU) que implica anidadas referencias de entidad XML, mediante el aprovechamiento de apoyo (1) YAML conversión de tipo o (2) la conversión de tipos Symbol, una vulnerabilidad similar a CVE-2013-0156.", }, ], id: "CVE-2013-0175", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-04-25T23:55:01.410", references: [ { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/01/11/9", }, { source: "secalert@redhat.com", url: "https://gist.github.com/nate/d7f6d9f4925f413621aa", }, { source: "secalert@redhat.com", url: "https://github.com/sferik/multi_xml/pull/34", }, { source: "secalert@redhat.com", url: "https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0", }, { source: "secalert@redhat.com", url: "https://news.ycombinator.com/item?id=5040457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/01/11/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://gist.github.com/nate/d7f6d9f4925f413621aa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/sferik/multi_xml/pull/34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://news.ycombinator.com/item?id=5040457", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-20 09:29
Modified
2025-04-20 01:37
Severity ?
Summary
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "B35C3AD5-0AFB-481C-A14C-74FE4E9D4075", versionEndIncluding: "2.2.8", versionStartIncluding: "2.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "1D4CCCBF-2BC7-4F93-ABD5-E8A979DD6FBC", versionEndIncluding: "2.3.5", versionStartIncluding: "2.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "175826D2-3602-48AE-A3B9-5764E8FC8834", versionEndIncluding: "2.4.2", versionStartIncluding: "2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1:*:*:*:*:*:*", matchCriteriaId: "1A059BF9-B9CA-4468-ABCD-0B8BD0C67FEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.", }, { lang: "es", value: "La función lazy_initialize en lib/resolv.rb en Ruby hasta la versión 2.4.3 utiliza Kernel#open, lo que podría permitir ataques de inyección de comandos, tal y como demuestra un argumento Resolv::Hosts::new que comience con un carácter \"|\". Esta es una vulnerabilidad diferente a CVE-2017-17405. NOTA: es altamente improbable que se den situaciones con entradas no fiables.", }, ], id: "CVE-2017-17790", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-20T09:29:01.477", references: [ { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/pull/1777", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0584", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/pull/1777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2018/dsa-4259", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-11-02 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | opensuse | 12.2 | |
| opensuse | opensuse | 12.3 | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*", matchCriteriaId: "1D041884-3921-4466-9A48-F644FDDA9D50", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*", matchCriteriaId: "397A2EA7-6F83-427B-8578-3794EBF04849", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.", }, { lang: "es", value: "(1) DL y (2) Fiddle en Ruby 1.9 anterior a 1.9.3 patchlevel 426, y 2.0 anterior a 2.0.0 patchlevel 195, no se realizan la comprobación de corrupción de las funciones nativas, lo que permite a atacantes dependientes de contexto eludir el nivel de restricciones $SAFE.", }, ], id: "CVE-2013-2065", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-11-02T19:55:04.430", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2035-1", }, { source: "secalert@redhat.com", url: "https://puppet.com/security/cve/cve-2013-2065", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2035-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/cve-2013-2065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-20 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puppet | puppet | 2.7.2 | |
| puppet | puppet | 2.7.3 | |
| puppet | puppet | 2.7.4 | |
| puppet | puppet | 2.7.5 | |
| puppet | puppet | 2.7.6 | |
| puppet | puppet | 2.7.7 | |
| puppet | puppet | 2.7.8 | |
| puppet | puppet | 2.7.9 | |
| puppet | puppet | 2.7.10 | |
| puppet | puppet | 2.7.11 | |
| puppet | puppet | 2.7.12 | |
| puppet | puppet | 2.7.13 | |
| puppet | puppet | 2.7.14 | |
| puppet | puppet | 2.7.16 | |
| puppet | puppet | 2.7.17 | |
| puppet | puppet | 2.7.18 | |
| puppet | puppet_enterprise | 3.1.0 | |
| puppetlabs | puppet | 2.7.0 | |
| puppetlabs | puppet | 2.7.1 | |
| puppetlabs | puppet | 2.7.19 | |
| puppetlabs | puppet | 2.7.20 | |
| puppetlabs | puppet | 2.7.20 | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*", matchCriteriaId: "BE56BA6B-BDC4-431E-81FD-D7ED5E8783E9", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*", matchCriteriaId: "FDDDFB28-1971-4CCD-93D2-ABC08FE67F4A", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*", matchCriteriaId: "508105B4-619A-4A9D-8B2F-FE5992C1006A", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*", matchCriteriaId: "26DB96A5-A57D-452F-A452-98B11F51CAE6", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*", matchCriteriaId: "D33AF704-FA05-4EA8-BE95-0177871A810F", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*", matchCriteriaId: "390FC5AE-4939-468C-B323-6B4E267A0F4C", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*", matchCriteriaId: "07DE4213-E233-402E-88C2-B7FF8D7B682C", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*", matchCriteriaId: "4122D8E3-24AD-4A55-9F89-C3AAD50E638D", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*", matchCriteriaId: "AF6D6B90-62BA-4944-A699-6D7C48AFD0A1", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*", matchCriteriaId: "8EC6A7B3-5949-4439-994A-68DA65438F5D", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*", matchCriteriaId: "5140C34D-589C-43DB-BCA7-8434EB173205", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*", matchCriteriaId: "E561C081-6262-46D3-AB17-01EEA6D3E988", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*", matchCriteriaId: "4703802D-0E3A-4760-B660-6AE0AF74DD40", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*", matchCriteriaId: "BE3D39F6-F9C8-4E7F-981A-265B04E85579", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*", matchCriteriaId: "FEBB3936-7A81-4BD9-80B2-3F614980BBCE", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*", matchCriteriaId: "A1EABC0F-A7A6-4C28-9331-3EEB6D39A0C2", vulnerable: true, }, { criteria: "cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3CFF3B0A-2C66-445A-BB5C-136DCAA584FE", vulnerable: true, }, { criteria: "cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "1E5192CB-094F-469E-A644-2255C4F44804", vulnerable: true, }, { criteria: "cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "D17D2752-CB0D-4CC8-8604-FEBF8DEE16E0", vulnerable: true, }, { criteria: "cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*", matchCriteriaId: "29BBE8DB-8560-4A57-9BCB-D709A697ECDE", vulnerable: true, }, { criteria: "cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*", matchCriteriaId: "10E0543B-5B1D-4522-945D-98BD63380500", vulnerable: true, }, { criteria: "cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*", matchCriteriaId: "817AB37A-F7B0-4E68-B10A-9E4A358793F3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"", }, { lang: "es", value: "Puppet v2.7.x anterior a v2.7.21 y 3.1.x anterior a v3.1.1, cuando ejecutan Ruby v1.9.3 o posterior, permite a atacantes remotos ejecutar código arbitario mediante vectores relacionados con \"serialized attributes.\"", }, ], evaluatorImpact: "Per http://www.ubuntu.com/usn/usn-1759-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\r\n\"", id: "CVE-2013-1655", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-20T16:55:01.807", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52596", }, { source: "cve@mitre.org", url: "http://ubuntu.com/usn/usn-1759-1", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2013/dsa-2643", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/58442", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://puppetlabs.com/security/cve/cve-2013-1655/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ubuntu.com/usn/usn-1759-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/58442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://puppetlabs.com/security/cve/cve-2013-1655/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-06-24 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*", matchCriteriaId: "77020036-DC99-461B-9A36-E8C0BE44E6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8DF046E4-503B-4A10-BEAB-3144BD86EA49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9FCA45F1-3038-413A-B8C3-EE366A4E6248", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "6AE2B154-8126-4A38-BAB6-915207764FC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*", matchCriteriaId: "808FA8BE-71FC-4ADD-BDEA-637E8DF4E899", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B8F103B7-0E70-4490-9802-2CD6034E240B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F2D82506-3FB5-41BA-8704-CC324C0B0DB2", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "260A155C-ED09-44E7-8279-5B94A4AC8CA4", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C4E0506F-F2E6-45A2-B637-576C341A71B7", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C2EC4513-B653-438A-A1E4-406D055FC160", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F5FDF363-24FA-45D2-879B-B1CF9B667AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "03A81F55-2B6B-467C-9281-AA11ED31220F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8143D88-890D-4C87-9120-46B33D7D63C8", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3E5608F5-AC8A-4368-9323-A2CC09F18AAD", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0ACEEB4D-D21D-4D89-881A-9FC33121F69C", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "BE3D1495-E577-492F-ADE1-B8E8FB7F241A", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "BCD623FF-E72B-4C63-B9E6-AFCDEFDD760A", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "EAA1E4C2-29CA-48C2-AFFA-5357B36655FB", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "EB358B7A-D258-4B86-BBD9-09388109653A", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "5C608597-03F7-4F01-803F-0E2B1E9E1D30", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "67C95ABA-1949-4B56-B9E3-44B4AF90274D", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "DD319AE0-3D8C-40DF-857D-C38EAFA88C68", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "672CC7FA-188C-4F34-B10D-7E0C4E7857F4", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FFCFF897-E65B-4D58-BA4D-B08FEF1201B6", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1B6D0730-F774-4E29-9871-3FF4BA89981E", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "2D692C10-A24E-48EA-887C-7333C772744C", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5AFD153C-B0C3-4A91-8B09-839341FA4434", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "04D0BF47-C818-4834-BFA2-23DD25386CCC", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*", matchCriteriaId: "7F54C49A-12CE-4AC5-A94A-9C5921414AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*", matchCriteriaId: "9CFF3F39-EF40-4D73-965F-98A51C39C02F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*", matchCriteriaId: "35BCB8FC-EE9C-4AA4-A4A0-E20A3E557129", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A5B90365-2172-43E3-870B-A16F9FB45FD8", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*", matchCriteriaId: "D4932202-9EEA-4B95-A24A-637678837179", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", matchCriteriaId: "79A602C5-61FE-47BA-9786-F045B6C6DBA8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", }, { lang: "es", value: "RubyGems 2.0.x en versiones anteriores a 2.0.16, 2.2.x en versiones anteriores a 2.2.4 y 2.4.x en versiones anteriores a 2.4.7 no valida el nombre de host al recuperar gemas o hacer solicitudes de API, lo que permite a atacantes remotos redireccionar peticiones a dominios arbitrarios a través del registro DNS SRV manipulado, también conocido como un \"ataque de secuestro de DNS\".", }, ], id: "CVE-2015-3900", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-06-24T14:59:01.190", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1657.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/06/26/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/75482", }, { source: "cve@mitre.org", url: "https://puppet.com/security/cve/CVE-2015-3900", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2015-1657.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/06/26/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/75482", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/CVE-2015-3900", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-254", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-03 22:29
Modified
2024-11-21 04:14
Severity ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 7.4 | |
| redhat | enterprise_linux | 7.5 | |
| redhat | enterprise_linux | 7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "79C0C7FF-8814-4F49-8DFE-8763BE582055", versionEndExcluding: "2.2.10", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "17DC7068-E1B8-4699-BDE0-14305D35D24B", versionEndExcluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "7172D61A-F82C-4EB5-9763-611CFE08A09B", versionEndExcluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A56E97B-C7E3-48AC-AAEF-4FA056276D03", versionEndExcluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", matchCriteriaId: "4EB48767-F095-444F-9E05-D9AC345AB803", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.", }, { lang: "es", value: "En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante que controla el formato de desempaquetado (similar a las vulnerabilidades de cadena de formato) puede desencadenar una sublectura de búfer en el método String#unpack. Esto resulta en una gran divulgación de información controlada.", }, ], id: "CVE-2018-8778", lastModified: "2024-11-21T04:14:17.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-03T22:29:00.773", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103693", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103693", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-29 12:07
Modified
2025-04-11 00:51
Severity ?
Summary
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adam_zaninovich | sounder | 1.0.1 | |
| ruby-lang | ruby | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:adam_zaninovich:sounder:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "8B8C90DB-54D0-49F3-93D6-7B2A8E089672", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.", }, { lang: "es", value: "lib/sounder/sound.rb en Sounder Gem v1.0.1 para Ruby permite a atacantes remotos ejecutar código arbitrario a través de metacaracteres de shell en un nombre de archivo.", }, ], id: "CVE-2013-5647", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-29T12:07:56.583", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-04 00:15
Modified
2025-03-05 14:58
Severity ?
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml | Third Party Advisory | |
| cve@mitre.org | https://hackerone.com/reports/2890322 | Permissions Required |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "E7161F63-FEE1-4803-A460-FE87E323B05D", versionEndExcluding: "0.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "A30117BA-C46E-44BB-A581-86E43F37D6E4", versionEndExcluding: "0.4.2", versionStartIncluding: "0.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:0.3.6:*:*:*:*:ruby:*:*", matchCriteriaId: "8AE1C5F9-0743-49A2-8292-0018FEEF81E0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "DD748C02-1E5E-4D92-9C41-2BF953874C32", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8850AECE-0966-403B-A0D8-694C3ECE39D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.", }, { lang: "es", value: "En la gema CGI anterior a 0.4.2 para Ruby, existe una vulnerabilidad de denegación de servicio de expresión regular (ReDoS) en el método Util#escapeElement.", }, ], id: "CVE-2025-27220", lastModified: "2025-03-05T14:58:14.463", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-04T00:15:31.693", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/2890322", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "cve@mitre.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-17 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", matchCriteriaId: "EBD0BCCE-898F-4859-A1D8-5D15894BA539", versionEndIncluding: "1.8.23", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "8D6A915B-43FF-4FFA-98FA-968403825D43", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "767790C2-2C72-45C0-A4EF-F21EAAAD1698", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "DBAB2571-F73A-4843-A494-1D10A214862D", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "57847827-F148-42C9-9180-3D5482249CB9", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "323AC584-E261-445D-9C84-DA34DFDE2D39", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "2A563E3D-2D87-4712-8C90-067ABB9D6810", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "7B540D22-0BDC-4727-B11E-9667F6E188BA", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*", matchCriteriaId: "741E979F-6AD5-4C15-8541-5D5F659E5ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*", matchCriteriaId: "81C93DD3-19B4-431D-A7BD-E86F90F91745", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*", matchCriteriaId: "CA2C407B-2C0F-4C46-9F5B-6C63CC887941", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*", matchCriteriaId: "7865522C-C5D0-4D4B-B090-7B756B36DF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*", matchCriteriaId: "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*", matchCriteriaId: "95AE74A8-4A90-4372-8B88-81FF7E6E578B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*", matchCriteriaId: "3F6BED14-99EA-4F87-95BB-078D2CEED349", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*", matchCriteriaId: "7EC8340E-D33E-4DB6-A08B-E56EA035C133", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*", matchCriteriaId: "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*", matchCriteriaId: "41E7E929-1144-438A-A55D-0B5CE6886C0E", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*", matchCriteriaId: "F3EB522C-6EA5-4CF5-B610-CB9414DD4815", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*", matchCriteriaId: "EF3220D1-DEFF-46A6-95B3-A40838D4E294", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*", matchCriteriaId: "E8DA4D9E-B822-4254-856C-3176A948D718", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*", matchCriteriaId: "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*", matchCriteriaId: "03AC5DA5-AD7F-4C7F-8437-568B7AAAEB17", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*", matchCriteriaId: "B549DE72-CB99-4E37-9B0A-CDDBF1AC7B27", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*", matchCriteriaId: "CBA0773B-1409-4407-AF8C-ED4212FE8DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*", matchCriteriaId: "1D53F5C8-B881-46ED-8041-26C0B736C9F5", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F2D82506-3FB5-41BA-8704-CC324C0B0DB2", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "28EF4773-AA97-4209-951F-942286A92413", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*", matchCriteriaId: "2A3D3005-679A-4761-AC38-CAE1C1CB20AC", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*", matchCriteriaId: "344FF6A4-8041-4652-A0EA-F18BB0FCFB26", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "E6CC620F-8E83-4256-9872-CCCDF5A4ED35", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "F22B79F6-5CA1-4E5C-9223-345A39EDD507", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "260A155C-ED09-44E7-8279-5B94A4AC8CA4", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C4E0506F-F2E6-45A2-B637-576C341A71B7", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C2EC4513-B653-438A-A1E4-406D055FC160", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F5FDF363-24FA-45D2-879B-B1CF9B667AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "03A81F55-2B6B-467C-9281-AA11ED31220F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8143D88-890D-4C87-9120-46B33D7D63C8", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3E5608F5-AC8A-4368-9323-A2CC09F18AAD", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0ACEEB4D-D21D-4D89-881A-9FC33121F69C", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "BE3D1495-E577-492F-ADE1-B8E8FB7F241A", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "31B50C72-C84A-4B4B-9E62-EB78E50DD19A", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "EBB4E82A-B1A2-4B35-B961-830FE00F1F7D", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "CCAD8F26-21A8-42D8-8B12-487F59EB10CD", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "360BB3DB-FC9E-4791-AF2F-D331267E1603", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "23FE3A27-39D4-4D73-9E04-81AB02736435", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "4F3FFBBD-D379-4C00-B8B7-2B21B7E8C6C5", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "5987FA3A-4C1B-45DC-909A-2B475917CC32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*", matchCriteriaId: "1D041884-3921-4466-9A48-F644FDDA9D50", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*", matchCriteriaId: "397A2EA7-6F83-427B-8578-3794EBF04849", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*", matchCriteriaId: "298A5681-F756-4952-A9F8-E4C76736DF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*", matchCriteriaId: "BC5A12F7-47E2-4AC7-A41B-F4B01319002D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.", }, { lang: "es", value: "Vulnerabilidad en la complejidad algorítmica en Gem :: Versión :: ANCHORED_VERSION_PATTERN en lib / rubygems / version.rb en RubyGems anterior a 1.8.23.2, 1.8.24 hasta 1.8.26, 2.0.x anterior a 2.0.10, 2.1.5 y 2.1.x anterior a , como se usa en Ruby 1.9.0 hasta 2.0.0p247, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una versión gem manipulada que provoca una gran cantidad de retroceso en una expresión regular. NOTA: este problema se debe a una corrección incompleta de CVE-2013-4287.", }, ], id: "CVE-2013-4363", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-17T23:55:04.440", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/14/3", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/8", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/20/1", }, { source: "secalert@redhat.com", url: "https://puppet.com/security/cve/cve-2013-4363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/14/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/18/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/cve-2013-4363", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-16 18:29
Modified
2024-11-21 03:52
Severity ?
Summary
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| ruby-lang | ruby | 2.6.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 7.4 | |
| redhat | enterprise_linux | 7.5 | |
| redhat | enterprise_linux | 7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4F4CB899-0054-44BB-A3BD-FB225CC663DB", versionEndIncluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A07531E-A788-41ED-8C5D-AAB2F532EA7A", versionEndIncluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "70C32AF6-57D9-4F85-857B-4EFC425D9145", versionEndIncluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*", matchCriteriaId: "49B6EEAA-B52E-42B9-A6C2-D65D7C81A0EC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", matchCriteriaId: "4EB48767-F095-444F-9E05-D9AC345AB803", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.", }, { lang: "es", value: "Se ha descubierto un problema en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. No contamina las cadenas que resultan de desempaquetar cadenas contaminadas con algunos formatos.", }, ], id: "CVE-2018-16396", lastModified: "2024-11-21T03:52:40.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-16T18:29:01.083", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042106", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/385070", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3808-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/385070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190221-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3808-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-06 21:29
Modified
2025-04-20 01:37
Severity ?
Summary
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/07/13/6 | Mailing List, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1032874 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/ruby/www.ruby-lang.org/issues/817 | Third Party Advisory | |
| cve@mitre.org | https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/ | Patch, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/07/13/6 | Mailing List, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032874 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ruby/www.ruby-lang.org/issues/817 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/ | Patch, Release Notes, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D1160F68-30A1-43BB-B495-8DFDDF36462F", versionEndIncluding: "1.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.", }, { lang: "es", value: "El método URI.decode_www_form_component en versiones de Ruby anteriores a la 1.9.2-p330 permite que atacantes remotos provoquen una denegación de servicio (expresión regular catastrófica, consumo de recursos o bloqueo de la aplicación) utilizando un string manipulado.", }, ], id: "CVE-2014-6438", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-06T21:29:00.253", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "VDB Entry", ], url: "http://www.openwall.com/lists/oss-security/2015/07/13/6", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032874", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/ruby/www.ruby-lang.org/issues/817", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "VDB Entry", ], url: "http://www.openwall.com/lists/oss-security/2015/07/13/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032874", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/ruby/www.ruby-lang.org/issues/817", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-03-02 20:00
Modified
2025-04-11 00:51
Severity ?
Summary
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6-420:*:*:*:*:*:*:*", matchCriteriaId: "6AE63237-91FC-45BD-928F-AA428E2FFD95", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*", matchCriteriaId: "3684A343-ABD7-4B80-993C-1F3CC0F983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.8:dev:*:*:*:*:*:*", matchCriteriaId: "3FAFAB6A-3299-4BEE-BDB9-3918DDA5D3DB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.", }, { lang: "es", value: "La funcionalidad safe-level de Ruby 1.8.6 hasta la versión 1.8.6-420, 1.8.7 hasta la 1.8.7-330 y 1.8.8dev permite a atacantes, dependiendo del contexto, modificar cadenas de texto a través del método Exception#to_s method, como se ha demostrado cambiando el pathname previsto.", }, ], id: "CVE-2011-1005", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-03-02T20:00:01.880", references: [ { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/70957", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/43420", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/43573", }, { source: "secalert@redhat.com", url: "http://support.apple.com/kb/HT5281", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/46458", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2011/0539", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678920", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/70957", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/43420", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/43573", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT5281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/46458", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2011/0539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678920", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-02-20 06:47
Modified
2025-04-09 00:30
Severity ?
Summary
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8:*:*:*:*:*:*:*", matchCriteriaId: "3EA01D6F-3B61-44EC-A6EA-9E878A0D5B99", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.", }, { lang: "es", value: "ext/openssl/ossl_ocsp.c en Ruby v1.8 y v1.9 no comprueba adecuadamente el valor de retorno de la funcion OCSP_basic_verify, lo cual permitiria a atacantes remotos tener exito en la presentacion de un certificado X.509 invalido, posiblemente utilizando un certificado revocado.", }, ], id: "CVE-2009-0642", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-02-20T06:47:48.297", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://redmine.ruby-lang.org/issues/show/1091", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33750", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35699", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35937", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:193", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/33769", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1022505", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-805-1", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48761", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://redmine.ruby-lang.org/issues/show/1091", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33750", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/33769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1022505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-805-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48761", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-18 02:52
Modified
2025-04-11 00:51
Severity ?
Summary
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | 1.8.6-26 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6-26:*:*:*:*:*:*:*", matchCriteriaId: "B220C471-4586-437E-B20C-D2D893B86D1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p160:*:*:*:*:*:*", matchCriteriaId: "F81AB75D-9B8D-4880-A1FE-3DB24875BD1E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p173:*:*:*:*:*:*", matchCriteriaId: "8B8B0853-F277-4EF2-A3A2-FC88891AA175", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p174:*:*:*:*:*:*", matchCriteriaId: "470F9991-8033-49A2-B996-4D3595C221F4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:*", matchCriteriaId: "9672DC94-7550-40C1-8FF3-5BD2DC1FA3B6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p249:*:*:*:*:*:*", matchCriteriaId: "CDE72BB9-07AB-446A-81BE-85AF243BF3A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p299:*:*:*:*:*:*", matchCriteriaId: "55D77438-86CE-4256-8285-EB9CE372D0AD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p301:*:*:*:*:*:*", matchCriteriaId: "404E191A-E394-4774-B1FB-2A7BB1558F0B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p302:*:*:*:*:*:*", matchCriteriaId: "C1232504-801A-4EDD-A967-D22469181551", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p330:*:*:*:*:*:*", matchCriteriaId: "51F327AA-0F3A-4F81-AD6A-4CF36055D034", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p334:*:*:*:*:*:*", matchCriteriaId: "40E2C5E5-CB07-4CFE-A539-C199D76174F6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p352:*:*:*:*:*:*", matchCriteriaId: "C5A64D8C-C117-4315-A2A3-2786D20BDE07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p357:*:*:*:*:*:*", matchCriteriaId: "AFD81C81-4DE3-48F1-93F1-C6817F32AFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p358:*:*:*:*:*:*", matchCriteriaId: "57813DB6-4CD3-4D6D-8028-65B71A34AC31", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p370:*:*:*:*:*:*", matchCriteriaId: "2FAA3BCC-496A-4D6D-8743-8022B202754D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p371:*:*:*:*:*:*", matchCriteriaId: "8E4E7672-8D44-46E7-9E9F-4B763602322E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p373:*:*:*:*:*:*", matchCriteriaId: "8A922B74-1853-43CB-AD6C-C5B0C10B1563", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*", matchCriteriaId: "17AA24B4-30C7-4D46-A55C-A5CC7C446436", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*", matchCriteriaId: "1D041884-3921-4466-9A48-F644FDDA9D50", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*", matchCriteriaId: "397A2EA7-6F83-427B-8578-3794EBF04849", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*", matchCriteriaId: "298A5681-F756-4952-A9F8-E4C76736DF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*", matchCriteriaId: "BC5A12F7-47E2-4AC7-A41B-F4B01319002D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", }, { lang: "es", value: "La función OpenSSL::SSL.verify_certificate_identity en lib/openssl/ssl.rb en Ruby v1.8 anterior a v1.8.7-p374, v1.9 anterior a v1.9.3-p448, y v2.0 anterior a v2.0.0-p247 no manejar adecuadamente un carácter “\\0” en un nombre de dominio en el campo Subject Alternative Name de un certificado X.509, lo que permite a atacantes \"man-in-the-middle\" suplantar servidores SSL de su elección mediante un certificado manipulado expedido por una Autoridad Certificadora legítima, un problema relacionado con CVE-2009-2408.", }, ], id: "CVE-2013-4073", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-18T02:52:22.917", references: [ { source: "cve@mitre.org", url: "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2013-1090.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2013-1103.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2013-1137.html", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT6150", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2013/dsa-2738", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2013/dsa-2809", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-1902-1", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=979251", }, { source: "cve@mitre.org", url: "https://puppet.com/security/cve/cve-2013-4073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1090.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1103.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1137.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT6150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1902-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=979251", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/cve-2013-4073", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-06-24 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D65BD5CD-5ECE-4294-B8E6-D0276FE8CC98", versionEndIncluding: "1.8.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3A289D5F-E8F3-4102-BF83-C63114DFE32C", versionEndExcluding: "1.8.5.231", versionStartExcluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "ABA0AC75-6B7E-48BD-891F-3FB312B9BA25", versionEndExcluding: "1.8.6.230", versionStartIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "5EDF7713-E20F-4EED-A323-98902450FD09", versionEndExcluding: "1.8.7.22", versionStartIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9DDF08CB-5F01-49ED-9DDB-ED39C8B0423E", versionEndExcluding: "1.9.0.2", versionStartIncluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", matchCriteriaId: "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", matchCriteriaId: "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, { lang: "es", value: "La función rb_str_format en Ruby 1.8.4 y anteriores, 1.8.5 anterior a 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230, 1.8.7 anterior a 1.8.7-p22 y 1.9.0 anterior a 1.9.0-2 permite a atacantes dependientes del contexto disparar una corrupción de memoria mediante vectores no especificados relacionados con alloca, un problema distinto a CVE-2008-2662, CVE-2008-2663 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. La descripción CVE debe ser tomada como autorizada aunque probablemente cambie.", }, ], id: "CVE-2008-2664", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-06-24T19:41:00.000", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 05:15
Modified
2024-11-21 01:31
Severity ?
Summary
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/07/01/1 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2011-4121 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2011-4121 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/07/01/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2011-4121 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-4121 | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "1DDD1CC4-D142-444E-B0A8-8A6F7063F116", versionEndExcluding: "1.9.3", versionStartIncluding: "1.8.7.334", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.", }, { lang: "es", value: "La extensión OpenSSL de Ruby (Git trunk) versiones posteriores al 01-09-2011 hasta el 03-11-2011, siempre generó un valor de exponente de \"1\" para ser usado para la generación de claves RSA privadas. Un atacante remoto podría usar este fallo para omitir o dañar la integridad de los servicios, dependiendo de un mecanismo de generación de claves RSA privadas fuerte.", }, ], id: "CVE-2011-4121", lastModified: "2024-11-21T01:31:53.367", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T05:15:13.960", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/07/01/1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2011-4121", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2013/07/01/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2011-4121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2011-4121", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 18:15
Modified
2024-11-21 04:30
Severity ?
Summary
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A6EFA741-C6E9-4362-AE58-785B0053A2A7", versionEndIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A2C45233-D18A-47C8-8D49-BB05ADD50D88", versionEndIncluding: "2.4.7", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "6E259007-36E1-418F-8493-A5A7928129F6", versionEndIncluding: "2.5.6", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "E746C3E0-0162-4487-AB58-2579B2BE1FD4", versionEndIncluding: "2.6.4", versionStartIncluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.", }, { lang: "es", value: "Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, permite HTTP Response Splitting. Si un programa que utiliza WEBrick inserta información no segura en el encabezado de respuesta, un atacante puede explotarlo para insertar un carácter newline para dividir un encabezado e inyectar contenido malicioso para engañar a los clientes. NOTA: este problema se presenta debido a una solución incompleta de CVE-2017-17742, que abordó el vector CRLF, pero no abordó un CR aislado o un LF aislado.", }, ], id: "CVE-2019-16254", lastModified: "2024-11-21T04:30:23.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T18:15:15.210", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/331984", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202003-06", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2019/dsa-4586", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/331984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2019/dsa-4586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-27 16:15
Modified
2025-02-14 16:22
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails | * | |
| ruby-lang | ruby | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", matchCriteriaId: "F37CC5DE-B363-478B-B8F2-393412E05802", versionEndExcluding: "7.1.3.1", versionStartIncluding: "7.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "F841AE5D-60DD-4E3A-854A-9B7B906BF7E7", versionEndExcluding: "3.2.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.", }, { lang: "es", value: "Rails es un framework de aplicación web. A partir de la versión 7.1.0, existe una posible vulnerabilidad ReDoS en las rutinas de análisis del encabezado Aceptar de Action Dispatch. Esta vulnerabilidad está parcheada en 7.1.3.1. Ruby 3.2 tiene mitigaciones para este problema, por lo que las aplicaciones Rails que usan Ruby 3.2 o posterior no se ven afectadas.", }, ], id: "CVE-2024-26142", lastModified: "2025-02-14T16:22:23.763", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-27T16:15:46.600", references: [ { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240503-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240503-0003/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-09 18:15
Modified
2024-11-21 06:57
Severity ?
Summary
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3BD89956-E0A9-46F1-BA21-48C29B7CF634", versionEndExcluding: "3.0.4", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D78DCF3F-3444-4E43-B278-30E6A905D315", versionEndExcluding: "3.1.2", versionStartIncluding: "3.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.", }, { lang: "es", value: "Se ha encontrado una doble liberación en el compilador de Regexp en Ruby versiones 3.x anteriores a 3.0.4 y versiones 3.1.x anteriores a 3.1.2. Si una víctima intenta crear un Regexp a partir de una entrada de usuario no confiable, un atacante puede ser capaz de escribir en ubicaciones de memoria no esperadas", }, ], id: "CVE-2022-28738", lastModified: "2024-11-21T06:57:50.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-09T18:15:08.490", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1220911", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-28738", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1220911", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-28738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-01 05:15
Modified
2024-11-21 06:26
Severity ?
Summary
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | date | * | |
| ruby-lang | date | * | |
| ruby-lang | date | * | |
| ruby-lang | date | 3.2.0 | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| redhat | software_collections | - | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| suse | linux_enterprise | 12.0 | |
| suse | linux_enterprise | 15.0 | |
| opensuse | factory | - | |
| opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*", matchCriteriaId: "4F906DCD-2E20-4503-8D48-34A8DD858A62", versionEndExcluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*", matchCriteriaId: "553D1CED-8FDA-45B1-A1D9-866A915E581E", versionEndExcluding: "3.0.2", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*", matchCriteriaId: "CD9C7701-F92C-476E-B833-C990410CDB55", versionEndExcluding: "3.1.2", versionStartIncluding: "3.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:date:3.2.0:*:*:*:*:ruby:*:*", matchCriteriaId: "243E15F0-8B4A-480E-8ECF-016D4D6611A3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "77EF3309-2FD3-469A-BAA2-D6425F259B27", versionEndExcluding: "2.6.9", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D7B53365-0B48-4408-A4A7-9A3744F89F07", versionEndExcluding: "2.7.5", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D4499575-33A0-47D7-A88B-0E6FD2340792", versionEndExcluding: "3.0.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", matchCriteriaId: "749804DA-4B27-492A-9ABA-6BB562A6B3AC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CBC8B78D-1131-4F21-919D-8AC79A410FB9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*", matchCriteriaId: "1607628F-77A7-4C1F-98DF-0DC50AE8627D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.", }, { lang: "es", value: "Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresión regular de denegación de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1.\n", }, ], id: "CVE-2021-41817", lastModified: "2024-11-21T06:26:48.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-01T05:15:08.197", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/1254844", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/1254844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 18:15
Modified
2024-11-21 04:30
Severity ?
Summary
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A2C45233-D18A-47C8-8D49-BB05ADD50D88", versionEndIncluding: "2.4.7", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "6E259007-36E1-418F-8493-A5A7928129F6", versionEndIncluding: "2.5.6", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "E746C3E0-0162-4487-AB58-2579B2BE1FD4", versionEndIncluding: "2.6.4", versionStartIncluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:19.3.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "6B257954-6EF3-4CBF-A8A7-699F70F98153", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the \"command\" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.", }, { lang: "es", value: "Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, permite una inyección de código si el primer argumento (también conocido como el argumento \"command\") para Shell#[] o Shell#test en la biblioteca lib/shell.rb es un dato no seguro. Un atacante puede explotar esto para llamar a un método de Ruby arbitrario.", }, ], id: "CVE-2019-16255", lastModified: "2024-11-21T04:30:24.033", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T18:15:15.303", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/327512", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-06", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/327512", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/code-injection-shell-test-cve-2019-16255/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-4-8-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-5-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.ruby-lang.org/ja/news/2019/10/01/ruby-2-6-5-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-15 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.1 | |
| ruby-lang | ruby | 2.1 | |
| ruby-lang | ruby | 2.1.1 | |
| ruby-lang | ruby | 2.1.2 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "814D61DB-61B7-49C1-B23C-1877CDF35011", versionEndIncluding: "1.9.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*", matchCriteriaId: "77020036-DC99-461B-9A36-E8C0BE44E6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*", matchCriteriaId: "7A2C6617-222D-4EA3-A194-4D69B10197DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8DF046E4-503B-4A10-BEAB-3144BD86EA49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9FCA45F1-3038-413A-B8C3-EE366A4E6248", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", matchCriteriaId: "3C84489B-B08C-4854-8A12-D01B6E45CF79", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.", }, { lang: "es", value: "Error de superación de límite (off-by-one) en la función de codificación ubicada en pack.c en Ruby 1.9.3 y anteriores, y 2.x hasta 2.1.2, cuando se utilizan ciertos especificadores de formato de cadena, permite a atacantes dependientes de contexto provocar una denegación de servicio (fallo de segmentación) a través de vectores que provocan un desbordamiento de buffer basado en pila.", }, ], id: "CVE-2014-4975", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-15T20:59:01.453", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/07/09/13", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/68474", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2397-1", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/10019", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118158", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/07/09/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/68474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2397-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/10019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118158", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94706", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-24 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:1296 | Third Party Advisory | |
| cve@mitre.org | https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kkos/oniguruma/issues/59 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1296 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kkos/oniguruma/issues/59 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", matchCriteriaId: "71A9EC32-B30C-40DF-9937-654BC977DCC4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:*", matchCriteriaId: "0F46CC6A-6949-4C1A-A615-EF23267A640C", versionEndIncluding: "7.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:*", matchCriteriaId: "7843E796-2E53-442D-B27E-3F9718F9BD2D", versionEndIncluding: "2.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", matchCriteriaId: "00E9E5A8-4C71-471D-97E9-FDE368D1EB71", versionEndExcluding: "5.6.31", versionStartIncluding: "5.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", matchCriteriaId: "ABE3BCB8-C2C7-4E44-A4D2-AA1DAE9555DB", versionEndExcluding: "7.0.21", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", matchCriteriaId: "5799FA9F-8C0B-4B86-9D2C-558DFF64AA6C", versionEndExcluding: "7.1.7", versionStartIncluding: "7.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.", }, { lang: "es", value: "Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7.1.5. Un SIGSEGV se produce en la función left_adjust_char_head() durante la compilación de expresiones regulares. El manejo no válido de reg-)dmax en forward_search_range() podría resultar en una desreferencia de puntero no válida, normalmente como una condición de denegación de servicio inmediata.", }, ], id: "CVE-2017-9229", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-24T15:29:00.417", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1296", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/issues/59", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:1296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/issues/59", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-28 17:15
Modified
2024-11-21 05:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", matchCriteriaId: "4556E64B-1B65-4A1B-815E-3FFF181459A4", versionEndIncluding: "3.12.3", vulnerable: true, }, { criteria: "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", matchCriteriaId: "8E03463F-61DD-4FE9-97FE-F9BA7DC394A1", versionEndIncluding: "4.3.2", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A6EFA741-C6E9-4362-AE58-785B0053A2A7", versionEndIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A2C45233-D18A-47C8-8D49-BB05ADD50D88", versionEndIncluding: "2.4.7", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "6E259007-36E1-418F-8493-A5A7928129F6", versionEndIncluding: "2.5.6", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "E746C3E0-0162-4487-AB58-2579B2BE1FD4", versionEndIncluding: "2.6.4", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.7.0:preview1:*:*:*:*:*:*", matchCriteriaId: "2432507A-794D-4538-AC2D-4E4739ABD299", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.", }, { lang: "es", value: "En Puma (RubyGem) anterior a la versión 4.3.2 y anterior a la versión 3.12.3, si una aplicación que usa Puma permite la entrada no segura en un encabezado de respuesta, un atacante puede usar caracteres de nueva línea (es decir, `CR`,` LF` o` / r`, ` / n`) para finalizar el encabezado e inyectar contenido malicioso, como encabezados adicionales o un cuerpo de respuesta completamente nuevo. Esta vulnerabilidad se conoce como división de respuesta HTTP. Si bien no es un ataque en sí mismo, la división de la respuesta es un vector para varios otros ataques, como las secuencias de cross-site scripting (XSS). Esto está relacionado con CVE-2019-16254, que corrigió esta vulnerabilidad para el servidor web WEBrick Ruby. Esto se ha solucionado en las versiones 4.3.2 y 3.12.3 verificando todos los encabezados para ver los finales de línea y rechazando los encabezados con esos caracteres.", }, ], id: "CVE-2020-5247", lastModified: "2024-11-21T05:33:45.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 3.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-28T17:15:12.220", references: [ { source: "security-advisories@github.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://owasp.org/www-community/attacks/HTTP_Response_Splitting", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://owasp.org/www-community/attacks/HTTP_Response_Splitting", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-113", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:29
Severity ?
Summary
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "A2C45233-D18A-47C8-8D49-BB05ADD50D88", versionEndIncluding: "2.4.7", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "6E259007-36E1-418F-8493-A5A7928129F6", versionEndIncluding: "2.5.6", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "E746C3E0-0162-4487-AB58-2579B2BE1FD4", versionEndIncluding: "2.6.4", versionStartIncluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.", }, { lang: "es", value: "Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, maneja inapropiadamente la comprobación de ruta dentro de las funciones File.fnmatch.", }, ], id: "CVE-2019-15845", lastModified: "2024-11-21T04:29:35.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T17:15:11.890", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/449617", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202003-06", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4201-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/449617", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4201-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*", matchCriteriaId: "E22179A8-F51E-4F78-8A42-E579F43729F4", versionEndIncluding: "4.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E3C18671-5FB1-4C97-9FDD-6D495A748DF9", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "ECFAD875-6DB0-4D40-9A11-E02DA954B197", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A1CC46D4-E33E-467C-B5C7-8F371D906A46", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "2595C046-B304-42F3-8194-C259EFDBCA76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.", }, { lang: "es", value: "ext/common/ServerInstanceDir.h en Phusion Passenger gem anteriores a 4.0.6 para Ruby permite a usuarios locales obtener privilegios o posiblemente cambiar el propietario de directorios arbitrarios a través de un ataque de enlaces simbólicos sobre un directorio con nombre predecible en /tmp/.", }, ], id: "CVE-2013-4136", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-30T21:55:07.223", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/07/16/6", }, { source: "secalert@redhat.com", url: "https://code.google.com/p/phusion-passenger/issues/detail?id=910", }, { source: "secalert@redhat.com", url: "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS", }, { source: "secalert@redhat.com", url: "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/07/16/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://code.google.com/p/phusion-passenger/issues/detail?id=910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-04-03 05:59
Modified
2025-04-20 01:37
Severity ?
Summary
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/97304 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.ruby-lang.org/issues/13234 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97304 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.ruby-lang.org/issues/13234 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660 | Issue Tracking, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F9E99F5A-E693-43E9-8AB3-A3FCB21BCF14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.", }, { lang: "es", value: "La función parse_char_class en regparse.c en la Onigmo (también conocida como Oniguruma-mod) libreria de expresión regular,como se utiliza en Ruby 2.4.0, permite a atacantes remotos provocar una denegación de servicio (recursión profunda y caída de la aplicación) a través de una expresión regular manipulada.", }, ], id: "CVE-2017-6181", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-03T05:59:00.847", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97304", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/13234", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/13234", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/57660", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-06-24 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D65BD5CD-5ECE-4294-B8E6-D0276FE8CC98", versionEndIncluding: "1.8.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "C1836C3C-2EE4-43D0-965A-0269948C282B", versionEndExcluding: "1.8.5.231", versionStartIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "ABA0AC75-6B7E-48BD-891F-3FB312B9BA25", versionEndExcluding: "1.8.6.230", versionStartIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "5EDF7713-E20F-4EED-A323-98902450FD09", versionEndExcluding: "1.8.7.22", versionStartIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", matchCriteriaId: "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", matchCriteriaId: "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, { lang: "es", value: "Un desbordamiento de enteros en la función (1) rb_ary_splice en Ruby 1.8.4 y versiones anteriores, 1.8.5 anterior a versión 1.8.5-p231, 1.8.6 anterior a versión 1.8.6-p230 y 1.8.7 anterior a versión 1.8.7-p22; y (2) la función rb_ary_replace en 1.6.x permite a los atacantes dependiendo del contexto desencadenar una corrupción en la memoria por medio de vectores no especificados, también se conoce como la variante \"REALLOC_N\", un problema diferente a los CVE-2008-2662, CVE-2008-2663 y CVE-2008-2664. NOTA: a partir de 20080624, ha habido un uso incoherente de varios identificadores CVE relacionados con Ruby. La descripción del CVE debe considerarse autorizada, aunque es probable que cambie.", }, ], id: "CVE-2008-2725", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-06-24T19:41:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kelly_d._redding | kelredd-pruview | 0.3.8 | |
| ruby-lang | ruby | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kelly_d._redding:kelredd-pruview:0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "AB24E6E5-E18F-4990-92C4-48E3B24E38A3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.", }, { lang: "es", value: "kelredd-pruview v0.3.8 para Ruby permite a atacantes dependientes de contexto ejecutar comandos arbitrarios vía metacaracteres de shell en un argumento de nombre de archivo a (1) document.rb, (2) video.rb, o (3) video_image.rb.", }, ], id: "CVE-2013-1947", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-04-25T23:55:01.597", references: [ { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/04/10/3", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/04/12/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/04/10/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/04/12/2", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-27 20:41
Modified
2025-04-09 00:30
Severity ?
Summary
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*", matchCriteriaId: "DF02372D-FD0B-453F-821E-1E0BA7900711", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*", matchCriteriaId: "0A6ED369-E564-4D4F-9E23-A8125194EAD0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*", matchCriteriaId: "ACC0DB90-C072-4BCB-9082-94394F547D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*", matchCriteriaId: "4D7ED62B-4D88-46A4-A0A3-BD37E66A5211", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*", matchCriteriaId: "072A0C3C-9F47-4DC7-96EA-7980B45429DD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p287:*:*:*:*:*:*", matchCriteriaId: "5A686AB7-ADAB-4C14-9F27-4DEBC3328E37", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*", matchCriteriaId: "FB0372E4-FE3E-49CD-AF55-E2E4518D34F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*", matchCriteriaId: "04579340-B53F-47B5-99C9-B647AAA3D303", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*", matchCriteriaId: "9D7F4162-108A-470B-8E6B-C009E8C56AEF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*", matchCriteriaId: "73AB0545-3D8D-4623-8381-D71DA44E3B5D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*", matchCriteriaId: "17AA24B4-30C7-4D46-A55C-A5CC7C446436", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an \"XML entity explosion.\"", }, { lang: "es", value: "El módulo REXML en Ruby 1.8.6 hasta la versión 1.8.6-p287, 1.8.7 hasta 1.8.7-p72, y 1.9 permite que atacantes, dependiendo del contexto, provocar una denegación de servicio (agotamiento CPU) a través de un documento XML con entidades anidadas recursivamente, también conocido como \"Explosión de entidades XML\".", }, ], id: "CVE-2008-3790", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-27T20:41:00.000", references: [ { source: "cve@mitre.org", url: "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31602", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32165", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32219", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32255", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32256", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32371", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33185", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35074", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3549", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "cve@mitre.org", url: "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/08/25/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/08/26/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/08/26/4", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30802", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020735", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2428", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2483", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/651-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/691-1/", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/08/25/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/08/26/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/08/26/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.ruby-lang.org/security/20080823rexml/rexml-expansion-fix.rb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020735", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2483", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/651-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/691-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-03 22:29
Modified
2024-11-21 04:11
Severity ?
Summary
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 7.4 | |
| redhat | enterprise_linux | 7.5 | |
| redhat | enterprise_linux | 7.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "79C0C7FF-8814-4F49-8DFE-8763BE582055", versionEndExcluding: "2.2.10", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "17DC7068-E1B8-4699-BDE0-14305D35D24B", versionEndExcluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "7172D61A-F82C-4EB5-9763-611CFE08A09B", versionEndExcluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A56E97B-C7E3-48AC-AAEF-4FA056276D03", versionEndExcluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", matchCriteriaId: "4EB48767-F095-444F-9E05-D9AC345AB803", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en el método Dir.mktmpdir en la biblioteca tmpdir en Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, podría permitir que atacantes creen directorios o archivos arbitrarios mediante un .. (punto punto) en el argumento prefix.", }, ], id: "CVE-2018-6914", lastModified: "2024-11-21T04:11:24.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-03T22:29:00.587", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103686", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-21 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.1.1 | |
| ruby-lang | ruby | 2.1.2 | |
| ruby-lang | ruby | 2.1.3 | |
| ruby-lang | ruby | 2.1.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*", matchCriteriaId: "1C6F683D-B441-4778-B02E-F9A33ADD6597", versionEndIncluding: "1.9.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*", matchCriteriaId: "1D041884-3921-4466-9A48-F644FDDA9D50", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*", matchCriteriaId: "397A2EA7-6F83-427B-8578-3794EBF04849", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*", matchCriteriaId: "298A5681-F756-4952-A9F8-E4C76736DF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*", matchCriteriaId: "BC5A12F7-47E2-4AC7-A41B-F4B01319002D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*", matchCriteriaId: "B56582F2-0D51-4FAD-888F-3342B229A557", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*", matchCriteriaId: "F3ADD67F-D944-461F-94DA-E00D3556416F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*", matchCriteriaId: "93AA1766-1936-4704-A3D0-D4F280373D1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*", matchCriteriaId: "46485519-C2FB-4767-B699-9F51FDCF29E5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*", matchCriteriaId: "19CF27FB-DCF5-4533-B309-55615AE21A63", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*", matchCriteriaId: "B9865DD1-F2AF-40B6-848A-EA9FD37034DD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*", matchCriteriaId: "C10BD21E-B9FA-4B57-B617-0108A00D6132", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8DF046E4-503B-4A10-BEAB-3144BD86EA49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9FCA45F1-3038-413A-B8C3-EE366A4E6248", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "6AE2B154-8126-4A38-BAB6-915207764FC0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.", }, { lang: "es", value: "El analizador REXML en Ruby 1.9.x anterior a 1.9.3 patchlevel 551, 2.0.x anterior a 2.0.0 patchlevel 598, y 2.1.x anterior a 2.1.5 permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) a través de un documento XML manipulado que contiene una cadena vacía en una entidad que se utiliza en un número grande de referencias de entidad anidadas, también conocido como un ataque de expansión de entidad XML (XEE). NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-1821 y CVE-2014-8080.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", id: "CVE-2014-8090", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-21T15:59:04.243", references: [ { source: "secalert@redhat.com", url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/59948", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/62050", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/62748", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2015/dsa-3157", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2015/dsa-3159", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/71230", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-2412-1", }, { source: "secalert@redhat.com", url: "https://support.apple.com/HT205267", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://advisories.mageia.org/MGASA-2014-0472.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/71230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-2412-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT205267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 15:15
Modified
2025-03-21 16:37
Severity ?
Summary
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*", matchCriteriaId: "326BEE19-C954-4EAA-8473-E76CCD43A48F", versionEndExcluding: "3.3.9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "F841AE5D-60DD-4E3A-854A-9B7B906BF7E7", versionEndExcluding: "3.2.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "5333B745-F7A3-46CB-8437-8668DB08CD6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.", }, { lang: "es", value: "REXML es un conjunto de herramientas XML para Ruby. La gema REXML anterior a la versión 3.3.9 tiene una vulnerabilidad ReDoS cuando analiza un XML que tiene muchos dígitos entre &# y x...; en una referencia de carácter numérico hexadecimal (&#x...;). Esto no sucede con Ruby 3.2 o posterior. Ruby 3.1 es el único Ruby afectado que se mantiene. La gema REXML 3.3.9 o posterior incluye el parche para corregir la vulnerabilidad.", }, ], id: "CVE-2024-49761", lastModified: "2025-03-21T16:37:05.047", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "UNREPORTED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-10-28T15:15:05.157", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20241227-0004/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-09 20:15
Modified
2024-11-21 07:45
Severity ?
Summary
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails | * | |
| rubyonrails | rails | * | |
| ruby-lang | ruby | * | |
| debian | debian_linux | 11.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", matchCriteriaId: "3A4B1AF3-B872-4699-9EFF-BD9B9822B5D7", versionEndExcluding: "6.1.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", matchCriteriaId: "CDA4E147-AAD7-4EA9-BB6B-8358610FEE9A", versionEndExcluding: "7.0.4.1", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "F841AE5D-60DD-4E3A-854A-9B7B906BF7E7", versionEndExcluding: "3.2.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.", }, ], id: "CVE-2023-22795", lastModified: "2024-11-21T07:45:26.440", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-09T20:15:11.420", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", }, { source: "support@hackerone.com", url: "https://security.netapp.com/advisory/ntap-20240202-0010/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240202-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5372", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-03-23 02:00
Modified
2025-04-11 00:51
Severity ?
Summary
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9.0 | |
| ruby-lang | ruby | 1.9.0 | |
| ruby-lang | ruby | 1.9.0-0 | |
| ruby-lang | ruby | 1.9.0-1 | |
| ruby-lang | ruby | 1.9.0-2 | |
| ruby-lang | ruby | 1.9.0-20060415 | |
| ruby-lang | ruby | 1.9.0-20070709 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.2 | |
| apple | mac_os_x | 10.5.8 | |
| apple | mac_os_x | 10.6.0 | |
| apple | mac_os_x | 10.6.1 | |
| apple | mac_os_x | 10.6.2 | |
| apple | mac_os_x | 10.6.3 | |
| apple | mac_os_x | 10.6.4 | |
| apple | mac_os_x | 10.6.5 | |
| apple | mac_os_x | 10.6.6 | |
| apple | mac_os_x_server | 10.5.8 | |
| apple | mac_os_x_server | 10.6.0 | |
| apple | mac_os_x_server | 10.6.1 | |
| apple | mac_os_x_server | 10.6.2 | |
| apple | mac_os_x_server | 10.6.3 | |
| apple | mac_os_x_server | 10.6.4 | |
| apple | mac_os_x_server | 10.6.5 | |
| apple | mac_os_x_server | 10.6.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "7999259C-95F6-474B-A828-1DEBFD20236D", versionEndIncluding: "1.9.2-p136", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*", matchCriteriaId: "11743FC1-0DD5-4946-AECF-C9962BF7C21F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*", matchCriteriaId: "D906EA97-7071-4CFA-84EF-EC82D813D7AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*", matchCriteriaId: "A2D5127F-1E79-4F83-8BB0-C479B6CFE9AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*", matchCriteriaId: "31181BA2-71A7-40C8-9E08-8FEAB013977B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*", matchCriteriaId: "EB8F3772-C973-41DB-AB3A-F4323418FC7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*", matchCriteriaId: "A688B357-7096-4362-A7DD-5A24FB0AF431", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*", matchCriteriaId: "46913DE9-8AE6-40E5-AEA1-6D2524EE7581", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*", matchCriteriaId: "470CF526-96F6-4DD1-B687-17106051A6D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*", matchCriteriaId: "52159D9F-8CD3-4103-82E6-BDE035BA3625", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*", matchCriteriaId: "EC0FD3F8-73A3-4518-8892-1E34D709FB89", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*", matchCriteriaId: "4B846CCE-7D1D-4A7E-95D8-50F92CF79AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*", matchCriteriaId: "CB99DD31-7355-4FF1-AE41-CC156F83D7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*", matchCriteriaId: "A7E15263-74D3-42D4-B37C-C649F68EDECC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*", matchCriteriaId: "BA7FEA9B-06CE-4D08-9D61-2526ED5AE630", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*", matchCriteriaId: "0D7F7EA5-7F6C-4C15-AB97-024836DC4862", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*", matchCriteriaId: "236B38D1-0CCA-43C5-B2FC-1224F4F4E165", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*", matchCriteriaId: "D19F541D-98C2-42A6-9364-D6D9A279796E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", matchCriteriaId: "1335E35A-D381-4056-9E78-37BC6DF8AD98", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*", matchCriteriaId: "3C69DEE9-3FA5-408E-AD27-F5E7043F852A", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*", matchCriteriaId: "D25D1FD3-C291-492C-83A7-0AFAFAADC98D", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*", matchCriteriaId: "5B565F77-C310-4B83-B098-22F9489C226C", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*", matchCriteriaId: "546EBFC8-79F0-42C2-9B9A-A76CA3F19470", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*", matchCriteriaId: "119C8089-8C98-472E-9E9C-1741AA21DD35", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*", matchCriteriaId: "831C5105-6409-4743-8FB5-A91D8956202F", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*", matchCriteriaId: "0B63D169-E2AA-4315-891F-B4AF99F2753C", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*", matchCriteriaId: "82B4CD59-9F37-4EF0-BA43-427CFD6E1329", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*", matchCriteriaId: "26E34E35-CCE9-42BE-9AFF-561D8AA90E25", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*", matchCriteriaId: "A04FF6EE-D4DA-4D70-B0CE-154292828531", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*", matchCriteriaId: "9425320F-D119-49EB-9265-3159070DFE93", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*", matchCriteriaId: "F6BE138D-619B-4E44-BFB2-8DFE5F0D1E12", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*", matchCriteriaId: "EF0D1051-F850-4A02-ABA0-968E1336A518", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*", matchCriteriaId: "A1C9705A-74D4-43BA-A119-C667678F9A15", vulnerable: false, }, { criteria: "cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*", matchCriteriaId: "4BBF5FE5-4B25-47BE-8D9D-F228746408EC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\"", }, { lang: "es", value: "La función VpMemAlloc en bigdecimal.c en la clase BigDecimal en Ruby v1.9.2-P136 y anteriores, tal como se utiliza en Apple Mac OS X antes de vv10.6.7 y en otras plataformas, no asigna memoria adecuadamente, lo que permite a atacantes dependientes de contexto ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores que impliquen la creación de un valor BigDecimal grande dentro de un proceso de 64 bits, relacionado con un \"fallo de truncado de entero\".", }, ], evaluatorImpact: "Per: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html\r\n\r\n 'This issue only affects 64-bit Ruby processes'.", id: "CVE-2011-0188", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-03-23T02:00:06.110", references: [ { source: "product-security@apple.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { source: "product-security@apple.com", tags: [ "Patch", ], url: "http://support.apple.com/kb/HT4581", }, { source: "product-security@apple.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", }, { source: "product-security@apple.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { source: "product-security@apple.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { source: "product-security@apple.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { source: "product-security@apple.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "product-security@apple.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { source: "product-security@apple.com", url: "http://www.securitytracker.com/id?1025236", }, { source: "product-security@apple.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=682332", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://support.apple.com/kb/HT4581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1025236", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=682332", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-18 23:15
Modified
2024-11-21 06:09
Severity ?
Summary
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "CABF5DC4-7B4F-4548-B2DF-914B096246B8", versionEndExcluding: "0.1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "E6B2E611-4DD9-4265-AC1E-AA10826582D2", versionEndExcluding: "0.2.2", versionStartIncluding: "0.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "A6DA6066-2A67-4EE2-934F-3A0CF3D66AA7", versionEndExcluding: "0.3.5", versionStartIncluding: "0.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3553CC40-CE13-48A8-B959-0C0B96F1FAD1", versionEndExcluding: "2.7.7", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3047B1E3-1CB1-4270-AB66-CF194AECB87E", versionEndExcluding: "3.0.5", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "576D85B3-8EA3-42F8-89FE-316057C9971D", versionEndExcluding: "3.1.3", versionStartIncluding: "3.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.", }, { lang: "es", value: "La gema cgi anterior a 0.1.0.2, 0.2.x anterior a 0.2.2 y 0.3.x anterior a 0.3.5 para Ruby permite la división de respuestas HTTP. Esto es relevante para aplicaciones que utilizan entradas de usuarios que no son de confianza, ya sea para generar una respuesta HTTP o para crear un objeto CGI::Cookie.", }, ], id: "CVE-2021-33621", lastModified: "2024-11-21T06:09:12.553", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-18T23:15:18.987", references: [ { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-12-11 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*", matchCriteriaId: "470CF526-96F6-4DD1-B687-17106051A6D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*", matchCriteriaId: "52159D9F-8CD3-4103-82E6-BDE035BA3625", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*", matchCriteriaId: "EC0FD3F8-73A3-4518-8892-1E34D709FB89", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*", matchCriteriaId: "A7E15263-74D3-42D4-B37C-C649F68EDECC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*", matchCriteriaId: "BA7FEA9B-06CE-4D08-9D61-2526ED5AE630", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*", matchCriteriaId: "0D7F7EA5-7F6C-4C15-AB97-024836DC4862", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*", matchCriteriaId: "236B38D1-0CCA-43C5-B2FC-1224F4F4E165", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "Desbordamiento del búfer de la memoria dinámica en la función rb_str_justify en string.c en Ruby v1.9.1 en versiones anteriores a v1.9.1-p376 atacantes dependientes del contexto podrían ejecutar código arbitrario a través de vectores sin especificar que incluyen (1) String#ljust, (2) String#center, o (3) String#rjust. NOTA: Algunos de los detalles han sido obtenidos de terceros.", }, ], id: "CVE-2009-4124", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-12-11T16:30:00.267", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/37660", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/60880", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/37278", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/3471", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/37660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/60880", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/37278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/3471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/54674", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.securityfocus.com/bid/91234 | ||
| cret@cert.org | http://www.talosintelligence.com/reports/TALOS-2016-0034/ | Exploit, Technical Description, Third Party Advisory, VDB Entry | |
| cret@cert.org | https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91234 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintelligence.com/reports/TALOS-2016-0034/ | Exploit, Technical Description, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FCCD8F3-E667-42F2-9861-14EDFB16583A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.", }, { lang: "es", value: "Existe una vulnerabilidad explotable de desbordamiento de memoria dinámica en la funcionalidad Fiddle::Function.new \"initialize\" de Ruby. En Fiddle::Function.new \"initialize\" la ubicación \"arg_types\" de la memoria dinámica del búfer se hace en base a la longitud de los args array. Un objeto especialmente construido pasado como un elemento de los args array puede incrementar el tamaño de este array después de haber mencionado la ubicación y provocar desbordamiento de memoria dinámica.", }, ], id: "CVE-2016-2339", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-06T21:59:00.493", references: [ { source: "cret@cert.org", url: "http://www.securityfocus.com/bid/91234", }, { source: "cret@cert.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", "VDB Entry", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0034/", }, { source: "cret@cert.org", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91234", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", "VDB Entry", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0034/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-29 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | 1.8.0 | |
| ruby-lang | ruby | 1.9.0 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.1.0 | |
| ruby-lang | ruby | 2.1.1 | |
| ruby-lang | ruby | 2.1.2 | |
| ruby-lang | ruby | 2.1.3 | |
| ruby-lang | ruby | 2.1.4 | |
| ruby-lang | ruby | 2.1.5 | |
| ruby-lang | ruby | 2.1.6 | |
| ruby-lang | ruby | 2.1.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*", matchCriteriaId: "3D627638-64AA-455B-9FEA-093D3773B9FD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*", matchCriteriaId: "19CF27FB-DCF5-4533-B309-55615AE21A63", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*", matchCriteriaId: "B9865DD1-F2AF-40B6-848A-EA9FD37034DD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*", matchCriteriaId: "C10BD21E-B9FA-4B57-B617-0108A00D6132", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*", matchCriteriaId: "3D5ABD47-64AC-4844-B78B-F0D3BC3B8F49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*", matchCriteriaId: "4EF7FDAD-9CAF-452D-B229-EF7C390DE712", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p645:*:*:*:*:*:*", matchCriteriaId: "942C4584-11B4-4E6E-BD42-6F4573E55412", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p647:*:*:*:*:*:*", matchCriteriaId: "49AB6D01-7AFE-4482-A6B4-C085A100A9A8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "85A846FF-DD34-4DD6-BD61-09124C145E97", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8DF046E4-503B-4A10-BEAB-3144BD86EA49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9FCA45F1-3038-413A-B8C3-EE366A4E6248", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*", matchCriteriaId: "6AE2B154-8126-4A38-BAB6-915207764FC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*", matchCriteriaId: "808FA8BE-71FC-4ADD-BDEA-637E8DF4E899", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*", matchCriteriaId: "523417A8-F62B-48AF-B60B-CE9A200D4A9A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*", matchCriteriaId: "FAB1E0F8-F9B0-40E9-892E-C62729525CE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.", }, { lang: "es", value: "DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librerías con nombres contaminados.", }, ], id: "CVE-2009-5147", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-29T14:59:00.187", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/oss-sec/2015/q3/222", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/76060", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/oss-sec/2015/q3/222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/76060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-05-02 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.", }, { lang: "es", value: "La funcionalidad safe-level de Ruby v1.8.7 permite a atacantes dependiendo del contexto modificar cadenas a través del método NameError#to_s mientras corren objetos Ruby. NOTA: este problema es debido a una corrección incompleta para CVE-2011-1005.", }, ], id: "CVE-2012-4481", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-05-02T14:55:05.160", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/05/4", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=863484", }, { source: "secalert@redhat.com", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0129.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0612.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/05/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=863484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-09-04 17:41
Modified
2025-04-09 00:30
Severity ?
Summary
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.6 | |
| ruby-lang | ruby | 1.6.8 | |
| ruby-lang | ruby | 1.8.0 | |
| ruby-lang | ruby | 1.8.1 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9721AB68-8002-4F85-98BC-0E6FDF7CDF6C", versionEndIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*", matchCriteriaId: "A8C49C83-B7D2-4243-AEBC-835290FA5210", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:p71:*:*:*:*:*:*", matchCriteriaId: "C7FA4451-B1F8-4504-9FFB-046DD998E846", versionEndIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:r18423:*:*:*:*:*:*", matchCriteriaId: "6DFDB9CE-E9F9-4CB2-945F-16DA755C031D", versionEndIncluding: "1.9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.6:*:*:*:*:*:*:*", matchCriteriaId: "F4DCF07C-896A-48B6-AE0B-3306FC31CF44", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "46086C6A-9068-4959-BEE7-4D76BDEA3962", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "31160797-6920-4BA1-B355-1CCD1FCDBFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "A5675C37-39EF-41EF-9A53-3FCE4CF23820", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "46F29ADA-E6DC-456F-9E63-C56C68EF7E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "7AC1B910-C0FA-4943-92B1-597842E84015", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*", matchCriteriaId: "DF02372D-FD0B-453F-821E-1E0BA7900711", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*", matchCriteriaId: "0A6ED369-E564-4D4F-9E23-A8125194EAD0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*", matchCriteriaId: "ACC0DB90-C072-4BCB-9082-94394F547D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*", matchCriteriaId: "4D7ED62B-4D88-46A4-A0A3-BD37E66A5211", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*", matchCriteriaId: "FB0372E4-FE3E-49CD-AF55-E2E4518D34F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*", matchCriteriaId: "04579340-B53F-47B5-99C9-B647AAA3D303", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*", matchCriteriaId: "9D7F4162-108A-470B-8E6B-C009E8C56AEF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*", matchCriteriaId: "73AB0545-3D8D-4623-8381-D71DA44E3B5D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.", }, { lang: "es", value: "resolv.rb en Ruby 1.8.5 y versiones anteriores, 1.8.6 versiones anteriores a 1.8.6-p287, 1.8.7 versiones anteriores a 1.8.7-p72, y 1.9 r18423 y versiones anteriores utiliza transacciones secuenciales de IDs y puertos de origen constante para peticiones DNS, lo cual hace más sencillo para atacantes remotos envenenar respuestas DNS, una vulnerabilidad diferente a CVE-2008-1447.\r\n\r\n", }, ], id: "CVE-2008-3905", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-09-04T17:41:00.000", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/31430", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32165", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32219", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32255", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32256", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32371", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32948", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2008/09/03/3", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/09/04/9", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/31699", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45935", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/651-1/", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2008/09/03/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/09/04/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/31699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/651-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-12 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:rc1:*:*:*:*:*:*", matchCriteriaId: "70BED4E2-17E3-4B9D-8C58-ECBE978E90F3", versionEndIncluding: "2.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.", }, { lang: "es", value: "El modulo Net::SMTP de Ruby anterior a su versión 2.4.0 es vulnerable a la inyección de comandos SMTP mediante secuencias CRLF de los comandos \"RCPT TO\" o \"MAIL FROM\", como demuestra las secuencias CRLF inmediatamente antes y después de la substring DATA.", }, ], id: "CVE-2015-9096", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-12T20:29:00.190", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.mbsd.jp/Whitepaper/smtpi.pdf", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/rubysec/ruby-advisory-db/issues/215", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/137631", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2017/dsa-3966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.mbsd.jp/Whitepaper/smtpi.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/rubysec/ruby-advisory-db/issues/215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://hackerone.com/reports/137631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2017/dsa-3966", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-93", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-08-05 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7-160 | |
| ruby-lang | ruby | 1.8.7-173 | |
| ruby-lang | ruby | 1.8.7-248 | |
| ruby-lang | ruby | 1.8.7-249 | |
| ruby-lang | ruby | 1.8.7-299 | |
| ruby-lang | ruby | 1.8.7-302 | |
| ruby-lang | ruby | 1.8.7-330 | |
| ruby-lang | ruby | 1.8.7-p21 | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9 | |
| ruby-lang | ruby | 1.9.0 | |
| ruby-lang | ruby | 1.9.0 | |
| ruby-lang | ruby | 1.9.0-0 | |
| ruby-lang | ruby | 1.9.0-1 | |
| ruby-lang | ruby | 1.9.0-2 | |
| ruby-lang | ruby | 1.9.0-20060415 | |
| ruby-lang | ruby | 1.9.0-20070709 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.2 | |
| ruby-lang | ruby | 1.9.2-p136 | |
| ruby-lang | ruby | 1.9.2-p180 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "2C145137-6CD4-4E6D-B17E-F21F88E272BF", versionEndIncluding: "1.8.7-334", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*", matchCriteriaId: "17AA24B4-30C7-4D46-A55C-A5CC7C446436", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-160:*:*:*:*:*:*:*", matchCriteriaId: "DD10E326-6907-47DB-B2F1-D09EF2E7EBD8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-173:*:*:*:*:*:*:*", matchCriteriaId: "55A7F5F2-3F5D-441B-9756-8540BDCB3356", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-248:*:*:*:*:*:*:*", matchCriteriaId: "4FE44E5F-8ECA-4325-9454-12682D84F430", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-249:*:*:*:*:*:*:*", matchCriteriaId: "81D68A0E-2809-4A02-BEEA-B37719AC23DC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-299:*:*:*:*:*:*:*", matchCriteriaId: "324BD6C5-27BE-4678-846D-90433FD6AD0A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-302:*:*:*:*:*:*:*", matchCriteriaId: "6AA691FE-2BBF-4407-A52B-8CCAA07E0BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-330:*:*:*:*:*:*:*", matchCriteriaId: "3684A343-ABD7-4B80-993C-1F3CC0F983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7-p21:*:*:*:*:*:*:*", matchCriteriaId: "D1797BB1-935E-45F0-A803-A985E5659236", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:r18423:*:*:*:*:*:*", matchCriteriaId: "11743FC1-0DD5-4946-AECF-C9962BF7C21F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*", matchCriteriaId: "D906EA97-7071-4CFA-84EF-EC82D813D7AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*", matchCriteriaId: "A2D5127F-1E79-4F83-8BB0-C479B6CFE9AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*", matchCriteriaId: "31181BA2-71A7-40C8-9E08-8FEAB013977B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*", matchCriteriaId: "EB8F3772-C973-41DB-AB3A-F4323418FC7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*", matchCriteriaId: "A688B357-7096-4362-A7DD-5A24FB0AF431", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*", matchCriteriaId: "46913DE9-8AE6-40E5-AEA1-6D2524EE7581", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*", matchCriteriaId: "470CF526-96F6-4DD1-B687-17106051A6D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*", matchCriteriaId: "52159D9F-8CD3-4103-82E6-BDE035BA3625", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*", matchCriteriaId: "EC0FD3F8-73A3-4518-8892-1E34D709FB89", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*", matchCriteriaId: "4B846CCE-7D1D-4A7E-95D8-50F92CF79AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*", matchCriteriaId: "CB99DD31-7355-4FF1-AE41-CC156F83D7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*", matchCriteriaId: "A7E15263-74D3-42D4-B37C-C649F68EDECC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*", matchCriteriaId: "BA7FEA9B-06CE-4D08-9D61-2526ED5AE630", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*", matchCriteriaId: "0D7F7EA5-7F6C-4C15-AB97-024836DC4862", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*", matchCriteriaId: "236B38D1-0CCA-43C5-B2FC-1224F4F4E165", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*", matchCriteriaId: "D19F541D-98C2-42A6-9364-D6D9A279796E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2-p136:*:*:*:*:*:*:*", matchCriteriaId: "BCD01B23-A519-4FB8-99A1-1F91E6267E22", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2-p180:*:*:*:*:*:*:*", matchCriteriaId: "C9035B9B-CAFA-49F2-900D-78108FDAFB90", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.", }, { lang: "es", value: "La función SecureRandom.random_bytes de lib/securerandom.rb de Ruby en versiones anteriores a 1.8.7-p352 y 1.9.x anteriores a 1.9.2-p290 se basa en valores PID para la inicialización, lo que facilita a atacantes dependientes del contexto predecir la cadena resultado utilizando el conocimiento de cadenas aleatorias obtenidas en procesos anteriores con el mismo PID.", }, ], id: "CVE-2011-2705", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-08-05T21:55:04.530", references: [ { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, { source: "secalert@redhat.com", url: "http://redmine.ruby-lang.org/issues/4579", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/49015", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://redmine.ruby-lang.org/issues/4579", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/11/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/12/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/49015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=722415", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rob_westgeest | md2pdf | 0.0.1 | |
| ruby-lang | ruby | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rob_westgeest:md2pdf:0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "70D6EB3C-A8C6-4F21-BF5A-FFCF85B3395A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.", }, { lang: "es", value: "converter.rb del md2pdf para Ruby v0.0.1 permite a atacantes dependientes de contexto para ejecutar comandos arbitrarios vía metacaracteres de shell en un nombre de archivo.", }, ], id: "CVE-2013-1948", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-04-25T23:55:01.617", references: [ { source: "secalert@redhat.com", url: "http://osvdb.org/92290", }, { source: "secalert@redhat.com", url: "http://vapid.dhs.org/advisories/md2pdf-remote-exec.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/59061", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83416", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/92290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://vapid.dhs.org/advisories/md2pdf-remote-exec.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/59061", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83416", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-03 22:29
Modified
2024-11-21 03:18
Severity ?
Summary
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "79C0C7FF-8814-4F49-8DFE-8763BE582055", versionEndExcluding: "2.2.10", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "17DC7068-E1B8-4699-BDE0-14305D35D24B", versionEndExcluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "7172D61A-F82C-4EB5-9763-611CFE08A09B", versionEndExcluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A56E97B-C7E3-48AC-AAEF-4FA056276D03", versionEndExcluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.", }, { lang: "es", value: "Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, permite un ataque de separación de respuesta HTTP. Un atacante puede inyectar una clave y un valor manipulados en una respuesta HTTP para el servidor HTTP de WEBrick.", }, ], id: "CVE-2017-17742", lastModified: "2024-11-21T03:18:34.057", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-03T22:29:00.383", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103684", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3685-1/", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103684", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3685-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-113", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-24 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/kkos/oniguruma/issues/56 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kkos/oniguruma/issues/56 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oniguruma_project:oniguruma:6.2.0:*:*:*:*:*:*:*", matchCriteriaId: "71A9EC32-B30C-40DF-9937-654BC977DCC4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php:php:*:*:*:*:*:oniguruma-mod:*:*", matchCriteriaId: "0F46CC6A-6949-4C1A-A615-EF23267A640C", versionEndIncluding: "7.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:oniguruma-mod:*:*", matchCriteriaId: "7843E796-2E53-442D-B27E-3F9718F9BD2D", versionEndIncluding: "2.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.", }, { lang: "es", value: "Se descubrió un problema en Oniguruma versión 6.2.0, tal como es usado en Oniguruma-mod en Ruby hasta la versión 2.4.1 y mbstring en PHP hasta la versión 7.1.5. Una escritura fuera de los límites de la pila en la función onigenc_unicode_get_case_fold_codes_by_str() ocurre durante la compilación de expresiones regulares. El punto de código 0xFFFFFFFF no se maneja apropiadamente en unicode_unfold_key(). Una expresión regular malformada podría dar como resultado que se escriban 4 bytes al final de un búfer de pila de expand_case_fold_string() durante la llamada a onigenc_unicode_get_case_fold_codes_by_str(), un desbordamiento de búfer de pila típico.", }, ], id: "CVE-2017-9225", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-24T15:29:00.230", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/issues/56", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kkos/oniguruma/issues/56", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-01-13 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:webrick:1.3.1:*:*:*:*:ruby:*:*", matchCriteriaId: "A3987438-FB66-4B8A-A2E2-124139BC9216", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9D02C3E0-04FE-4200-944F-2EF327B8CC37", versionEndIncluding: "1.8.6.383", versionStartIncluding: "1.8.6", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "0F4C4DE1-EDEF-49F4-81FE-6B9D25453300", versionEndIncluding: "1.8.7.248", versionStartIncluding: "1.8.7", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "20792FA1-E46A-4BC1-81FD-E3C4660F2CC6", versionEndIncluding: "1.9.1.376", versionStartIncluding: "1.9.1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.", }, { lang: "es", value: "WEBrick v1.3.1 en Ruby v1.8.6 del patchlevel 383, v1.8.7 al patchlevel 248, v1.8.8dev, 1.9.1 al patchlevel 376, y v1.9.2dev ,escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podría permitir a atacantes remotos modificar la ventana de título, o posiblemente ejecutar comandos de su elección o sobrescribir archivos, a través de una petición HTTP que contiene una secuencia de escape para el emulador de terminal.", }, ], id: "CVE-2009-4492", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-01-13T20:30:00.530", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/37949", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1023429", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/508830/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/37710", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", ], url: "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2010/0089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/37949", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1023429", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0908.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/508830/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/37710", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", ], url: "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2010/0089", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4492\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.\n", lastModified: "2010-01-21T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-17 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", matchCriteriaId: "EBD0BCCE-898F-4859-A1D8-5D15894BA539", versionEndIncluding: "1.8.23", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "8D6A915B-43FF-4FFA-98FA-968403825D43", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "767790C2-2C72-45C0-A4EF-F21EAAAD1698", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "DBAB2571-F73A-4843-A494-1D10A214862D", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "57847827-F148-42C9-9180-3D5482249CB9", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "323AC584-E261-445D-9C84-DA34DFDE2D39", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "2A563E3D-2D87-4712-8C90-067ABB9D6810", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "7B540D22-0BDC-4727-B11E-9667F6E188BA", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*", matchCriteriaId: "741E979F-6AD5-4C15-8541-5D5F659E5ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*", matchCriteriaId: "81C93DD3-19B4-431D-A7BD-E86F90F91745", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*", matchCriteriaId: "CA2C407B-2C0F-4C46-9F5B-6C63CC887941", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*", matchCriteriaId: "7865522C-C5D0-4D4B-B090-7B756B36DF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*", matchCriteriaId: "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*", matchCriteriaId: "95AE74A8-4A90-4372-8B88-81FF7E6E578B", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*", matchCriteriaId: "3F6BED14-99EA-4F87-95BB-078D2CEED349", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*", matchCriteriaId: "7EC8340E-D33E-4DB6-A08B-E56EA035C133", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*", matchCriteriaId: "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*", matchCriteriaId: "41E7E929-1144-438A-A55D-0B5CE6886C0E", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*", matchCriteriaId: "F3EB522C-6EA5-4CF5-B610-CB9414DD4815", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*", matchCriteriaId: "EF3220D1-DEFF-46A6-95B3-A40838D4E294", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*", matchCriteriaId: "E8DA4D9E-B822-4254-856C-3176A948D718", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*", matchCriteriaId: "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*", matchCriteriaId: "03AC5DA5-AD7F-4C7F-8437-568B7AAAEB17", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*", matchCriteriaId: "B549DE72-CB99-4E37-9B0A-CDDBF1AC7B27", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*", matchCriteriaId: "CBA0773B-1409-4407-AF8C-ED4212FE8DB0", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F2D82506-3FB5-41BA-8704-CC324C0B0DB2", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "260A155C-ED09-44E7-8279-5B94A4AC8CA4", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C4E0506F-F2E6-45A2-B637-576C341A71B7", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C2EC4513-B653-438A-A1E4-406D055FC160", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F5FDF363-24FA-45D2-879B-B1CF9B667AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "03A81F55-2B6B-467C-9281-AA11ED31220F", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "A8143D88-890D-4C87-9120-46B33D7D63C8", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3E5608F5-AC8A-4368-9323-A2CC09F18AAD", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "EBB4E82A-B1A2-4B35-B961-830FE00F1F7D", vulnerable: true, }, { criteria: "cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "CCAD8F26-21A8-42D8-8B12-487F59EB10CD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*", matchCriteriaId: "1D041884-3921-4466-9A48-F644FDDA9D50", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*", matchCriteriaId: "397A2EA7-6F83-427B-8578-3794EBF04849", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*", matchCriteriaId: "298A5681-F756-4952-A9F8-E4C76736DF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*", matchCriteriaId: "BC5A12F7-47E2-4AC7-A41B-F4B01319002D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.", }, { lang: "es", value: "Vulnerabilidad en la complejidad algorítmicade Gem :: Versión :: VERSION_PATTERN en lib / rubygems / version.rb de RubyGems antes 1.8.23.1, 1.8.24 hasta 1.8.25, 2.0.x antes de 2.0.8, y 2.1.x anterior a 2.1.0 , como se usa en Ruby 1.9.0 hasta 2.0.0p247, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una versión de una gem manipulada que provoca una gran cantidad de retroceso en una expresión regular.", }, ], id: "CVE-2013-4287", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-17T23:55:04.407", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1427.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1523.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-0207.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/55381", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/10/1", }, { source: "secalert@redhat.com", url: "https://puppet.com/security/cve/cve-2013-4287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1427.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1441.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1523.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1852.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-0207.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/55381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2013/09/10/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/cve-2013-4287", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FCCD8F3-E667-42F2-9861-14EDFB16583A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.", }, { lang: "es", value: "Existe un tipo de confusión en el método de clase _cancel_eval Ruby's TclTkIp. El atacante que pasa un tipo diferente de objeto que una String como argumento \"retval\" puede provocar la ejecución de código arbitrario.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/843.html\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>", id: "CVE-2016-2337", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-06T21:59:00.460", references: [ { source: "cret@cert.org", url: "http://www.securityfocus.com/bid/91233", }, { source: "cret@cert.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", "VDB Entry", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0031/", }, { source: "cret@cert.org", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", }, { source: "cret@cert.org", url: "https://security.gentoo.org/glsa/201710-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/91233", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", "VDB Entry", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0031/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201710-18", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-19 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | 2.2.0 | |
| ruby-lang | ruby | 2.2.0 | |
| ruby-lang | ruby | 2.2.0 | |
| ruby-lang | ruby | 2.2.0 | |
| ruby-lang | ruby | 2.2.1 | |
| ruby-lang | ruby | 2.2.2 | |
| ruby-lang | ruby | 2.2.3 | |
| ruby-lang | ruby | 2.2.4 | |
| ruby-lang | ruby | 2.2.5 | |
| ruby-lang | ruby | 2.2.6 | |
| ruby-lang | ruby | 2.2.7 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.1 | |
| ruby-lang | ruby | 2.3.2 | |
| ruby-lang | ruby | 2.3.3 | |
| ruby-lang | ruby | 2.3.4 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B8F103B7-0E70-4490-9802-2CD6034E240B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.0:preview1:*:*:*:*:*:*", matchCriteriaId: "C0232F9E-8AA2-4BE3-B967-A83692579CC4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.0:preview2:*:*:*:*:*:*", matchCriteriaId: "6C13ED3C-5F26-4249-8FB4-6714B2E0D767", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "7B2AFFD9-DFF5-444F-81B9-51EEF69DF1AC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "35D36707-03B7-437C-B21D-A27D5C530117", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FCCD8F3-E667-42F2-9861-14EDFB16583A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.3:*:*:*:*:*:*:*", matchCriteriaId: "6F3CEF46-C95D-493B-A99B-7C90FDF27B47", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.4:*:*:*:*:*:*:*", matchCriteriaId: "1629D696-BD68-4C4F-B6CE-885AD670A12A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.5:*:*:*:*:*:*:*", matchCriteriaId: "F87B9AD8-CF70-4CA9-A655-838B1D7AD056", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.6:*:*:*:*:*:*:*", matchCriteriaId: "EB471265-C399-49D4-8CA2-5FC1C85C6F19", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.7:*:*:*:*:*:*:*", matchCriteriaId: "E8F7FF5E-EBD0-415E-BFA1-6AF1527F1174", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*", matchCriteriaId: "A2D62AC9-83B8-4C84-A47E-2B06C2816964", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*", matchCriteriaId: "E583E49C-95B1-4AE4-AA7A-6D6BA7D470B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "5F197C5A-2588-417F-A743-E72D1E8EF4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "FBA01BF1-91AD-4968-9AC2-A194FCD6AB76", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "B36CCD91-2A20-4C2E-96D5-73704DFC10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "485C401C-CC3B-4A74-82D6-F4539FFE48B8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F9E99F5A-E693-43E9-8AB3-A3FCB21BCF14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*", matchCriteriaId: "9DDA92E9-C9CF-47B9-B647-0202D493D057", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*", matchCriteriaId: "A682A487-A615-404C-A7D9-A28C0C31B4E7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*", matchCriteriaId: "8930BA64-E9BC-42E0-9D74-8FA2ABD1F692", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*", matchCriteriaId: "A87AE96A-F7FB-41A2-943C-DFAEA6D81446", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "946D2AB0-D334-4D94-BDA2-733BFC6C9E1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.", }, { lang: "es", value: "El método decode en el módulo OpenSSL::ASN1 en Ruby en versiones anteriores a la 2.2.8, versiones 2.3.x anteriores a 2.3.5, y 2.4.x hasta la 2.4.1 permite que los atacantes provoquen una denegación de servicio (cierre inesperado del intérprete) mediante una string manipulada.", }, ], id: "CVE-2017-14033", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-19T17:29:00.327", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100868", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201710-18", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2017/dsa-4031", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100868", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201710-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2017/dsa-4031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-03 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | opensuse | 12.3 | |
| opensuse | opensuse | 13.1 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 1.9.3 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.0.0 | |
| ruby-lang | ruby | 2.1.1 | |
| ruby-lang | ruby | 2.1.2 | |
| ruby-lang | ruby | 2.1.3 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:p550:*:*:*:*:*:*", matchCriteriaId: "1C6F683D-B441-4778-B02E-F9A33ADD6597", versionEndIncluding: "1.9.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", matchCriteriaId: "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", matchCriteriaId: "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*", matchCriteriaId: "1D041884-3921-4466-9A48-F644FDDA9D50", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*", matchCriteriaId: "397A2EA7-6F83-427B-8578-3794EBF04849", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*", matchCriteriaId: "298A5681-F756-4952-A9F8-E4C76736DF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*", matchCriteriaId: "BC5A12F7-47E2-4AC7-A41B-F4B01319002D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p448:*:*:*:*:*:*", matchCriteriaId: "B56582F2-0D51-4FAD-888F-3342B229A557", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p545:*:*:*:*:*:*", matchCriteriaId: "F3ADD67F-D944-461F-94DA-E00D3556416F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p547:*:*:*:*:*:*", matchCriteriaId: "93AA1766-1936-4704-A3D0-D4F280373D1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p451:*:*:*:*:*:*", matchCriteriaId: "46485519-C2FB-4767-B699-9F51FDCF29E5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*", matchCriteriaId: "19CF27FB-DCF5-4533-B309-55615AE21A63", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*", matchCriteriaId: "B9865DD1-F2AF-40B6-848A-EA9FD37034DD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8DF046E4-503B-4A10-BEAB-3144BD86EA49", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9FCA45F1-3038-413A-B8C3-EE366A4E6248", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "FF6AF5E3-4EB8-48A3-B8E9-C79C08C38994", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.", }, { lang: "es", value: "El analizador REXML en Ruby 1.9.x anterior a 1.9.3-p550, 2.0.x anterior a 2.0.0-p594, y 2.1.x anterior a 2.1.4 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un documento XML manipulado, también conocido como un ataque de la expansión de entidad XML (XEE).", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>", id: "CVE-2014-8080", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-03T16:55:07.790", references: [ { source: "cve@mitre.org", url: "http://advisories.mageia.org/MGASA-2014-0443.html", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/61607", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/62050", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/62748", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3157", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3159", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { source: "cve@mitre.org", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/70935", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2397-1", }, { source: "cve@mitre.org", url: "https://support.apple.com/HT205267", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://advisories.mageia.org/MGASA-2014-0443.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1911.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1912.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1913.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1914.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/61607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/62748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/70935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2397-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/HT205267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-10-01 05:17
Modified
2025-04-09 00:30
Severity ?
Summary
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "C80BDE13-9CBB-4A5F-9BF4-BEB907CED271", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.", }, { lang: "es", value: "El método connect en lib/net/http.rb en las bibliotecas (1) Net::HTTP y (2) Net::HTTPS de Ruby 1.8.5 y 1.8.6 no verifica que el campo commonName (CN) en un certificado de servidor concuerde con el nombre de dominio de una petición HTTPS, lo cual facilita a atacantes remotos interceptar transmisiones SSL mediante un ataque de \"hombre en medio\" (man-in-the-middle) o sitio web falsificado.\r\n", }, ], id: "CVE-2007-5162", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-10-01T05:17:00.000", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/26985", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27044", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27432", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27576", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27673", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27756", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27764", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27769", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/27818", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/28645", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29556", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3180", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2007/dsa-1410", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2007/dsa-1411", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2007/dsa-1412", }, { source: "cve@mitre.org", url: "http://www.isecpartners.com/advisories/2007-006-rubyssl.txt", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { source: "cve@mitre.org", url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/480987/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/483577/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/25847", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-596-1", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/3340", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=313791", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36861", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10738", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00087.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00097.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00391.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/26985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27756", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/27818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/28645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29556", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13499", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13500", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13502", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1410", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1411", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2007/dsa-1412", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.isecpartners.com/advisories/2007-006-rubyssl.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2007_24_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2007-0961.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2007-0965.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/480987/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/483577/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/25847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-596-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/3340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=313791", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36861", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10738", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00087.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00097.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00391.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 02:48
Severity ?
Summary
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.talosintelligence.com/reports/TALOS-2016-0032/ | Exploit, Third Party Advisory | |
| cret@cert.org | https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html | Mailing List, Third Party Advisory | |
| cret@cert.org | https://security.netapp.com/advisory/ntap-20221228-0005/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintelligence.com/reports/TALOS-2016-0032/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221228-0005/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FCCD8F3-E667-42F2-9861-14EDFB16583A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer \"head\" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.", }, { lang: "es", value: "Se presenta una vulnerabilidad de desbordamiento de pila explotable en la función Psych::Emitter start_document de Ruby. En la función Psych::Emitter start_document la asignación de \"head\" del buffer de heap es realizada en base a la longitud del array de etiquetas. Un objeto especialmente construido que es pasado como elemento de la matriz de etiquetas puede aumentar el tamaño de esta matriz después de la asignación mencionada y causar un desbordamiento de la pila", }, ], id: "CVE-2016-2338", lastModified: "2024-11-21T02:48:15.353", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-29T03:15:11.470", references: [ { source: "cret@cert.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0032/", }, { source: "cret@cert.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221228-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.talosintelligence.com/reports/TALOS-2016-0032/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221228-0005/", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-03-02 20:00
Modified
2025-04-11 00:51
Severity ?
Summary
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.8:dev:*:*:*:*:*:*", matchCriteriaId: "3FAFAB6A-3299-4BEE-BDB9-3918DDA5D3DB", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:dev:*:*:*:*:*:*", matchCriteriaId: "02941FD6-BF48-4435-AAB0-BC26C1805293", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.", }, { lang: "es", value: "El método FileUtils.remove_entry_secure de Ruby 1.8.6 hasta la versión 1.8.6-420, 1.8.7 hasta la 1.8.7-330, 1.8.8dev, 1.9.1 hasta la 1.9.1-430, 1.9.2 hasta la 1.9.2-136 y 1.9.3dev permite a usuarios locales borrar archivos de su elección a través de un enlace de ataque simbólico (\"symlink attack\").", }, ], id: "CVE-2011-1004", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.3, confidentialityImpact: "NONE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:N/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-03-02T20:00:01.863", references: [ { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/70958", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43434", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/43573", }, { source: "secalert@redhat.com", url: "http://support.apple.com/kb/HT5281", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/46460", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2011/0539", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678913", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/70958", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/43434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/43573", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT5281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/02/21/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0909.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-0910.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/46460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2011/0539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=678913", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-28 13:03
Modified
2025-04-11 00:51
Severity ?
Summary
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:p286:*:*:*:*:*:*", matchCriteriaId: "A45A2FA0-5451-4A6D-8301-B60645354AA5", versionEndIncluding: "1.9.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.", }, { lang: "es", value: "Ruby (también conocido como CRuby) v1.9 anteriores a v1.9.3-p327 y v2.0 anteriores a r37575 calcula los valores de hash sin restringir la posibilidad de provocar colisiones hash previsibles, lo que permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU) a través de la manipulación de una entrada para la aplicación que mantiene la tabla de valores hash, como lo demuestra un ataque universal multicolision contra una variante del algoritmo MurmurHash2, una vulnerabilidad diferente a CVE-2011-4815.", }, ], id: "CVE-2012-5371", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-28T13:03:10.153", references: [ { source: "cve@mitre.org", url: "http://2012.appsec-forum.ch/conferences/#c17", }, { source: "cve@mitre.org", url: "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/51253", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://securitytracker.com/id?1027747", }, { source: "cve@mitre.org", url: "http://www.ocert.org/advisories/ocert-2012-001.html", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/87280", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/56484", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-1733-1", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=875236", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79993", }, { source: "cve@mitre.org", url: "https://www.131002.net/data/talks/appsec12_slides.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://2012.appsec-forum.ch/conferences/#c17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/51253", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://securitytracker.com/id?1027747", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ocert.org/advisories/ocert-2012-001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/87280", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1733-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=875236", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79993", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.131002.net/data/talks/appsec12_slides.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-21 07:15
Modified
2024-11-21 06:00
Severity ?
Summary
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*", matchCriteriaId: "F9707003-AB06-4BEB-AA2B-3D90BCDD5ED4", versionEndExcluding: "3.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "1319FB03-146B-4D3E-AF94-6E6297022DAF", versionEndExcluding: "2.6.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "71E99C67-E4BC-46AC-9D2C-55454E6ACAB0", versionEndExcluding: "2.7.3", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D2EA779B-7F5D-4E60-95BB-2D565591F673", versionEndExcluding: "3.0.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.", }, { lang: "es", value: "El REXML gem versiones anteriores a 3.2.5 en Ruby versiones anteriores a 2.6.7, versiones 2.7.x anteriores a 2.7.3 y versiones 3.x anteriores a 3.0.1, no aborda apropiadamente los problemas round-trip de XML. Puede ser producido un documento incorrecto después de analizarlo y serializarlo", }, ], id: "CVE-2021-28965", lastModified: "2024-11-21T06:00:27.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-21T07:15:07.677", references: [ { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210528-0003/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210528-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| documentcloud | karteek-docsplit | 0.5.4 | |
| ruby-lang | ruby | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:documentcloud:karteek-docsplit:0.5.4:*:*:*:*:*:*:*", matchCriteriaId: "95C48293-8D52-46CE-AB0C-00295AECE368", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.", }, { lang: "es", value: "La función extract_from_ocr en lib/docsplit/text_extractor.rb en el Karteek Docsplit (karteek-docsplit) v0.5.4 para Ruby permite a atacantes dependientes de contexto para ejecutar comandos arbitrarios vía metacaracteres de shell en un nombre de archivo PDF.", }, ], id: "CVE-2013-1933", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-04-25T23:55:01.570", references: [ { source: "secalert@redhat.com", url: "http://osvdb.org/92117", }, { source: "secalert@redhat.com", url: "http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/04/08/15", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83277", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/92117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/04/08/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/83277", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneems | wicked | * | |
| schneems | wicked | 0.0.1 | |
| schneems | wicked | 0.0.2 | |
| schneems | wicked | 0.1.0 | |
| schneems | wicked | 0.1.1 | |
| schneems | wicked | 0.1.2 | |
| schneems | wicked | 0.1.3 | |
| schneems | wicked | 0.1.4 | |
| schneems | wicked | 0.1.5 | |
| schneems | wicked | 0.1.6 | |
| schneems | wicked | 0.2.0 | |
| schneems | wicked | 0.3.0 | |
| schneems | wicked | 0.3.1 | |
| schneems | wicked | 0.3.2 | |
| schneems | wicked | 0.3.3 | |
| schneems | wicked | 0.3.4 | |
| schneems | wicked | 0.4.0 | |
| schneems | wicked | 0.5.0 | |
| schneems | wicked | 0.6.0 | |
| schneems | wicked | 0.6.1 | |
| ruby-lang | ruby | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:schneems:wicked:*:*:*:*:*:ruby:*:*", matchCriteriaId: "7BB24A72-A86D-4C16-BAC7-CE3F433A8C0C", versionEndIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.0.1:*:*:*:*:ruby:*:*", matchCriteriaId: "11C26B86-CDFA-45F3-BD36-E37C3446F9DD", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.0.2:*:*:*:*:ruby:*:*", matchCriteriaId: "45008888-E02B-4832-B268-733849D30412", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.1.0:*:*:*:*:ruby:*:*", matchCriteriaId: "24678459-FB79-4DE2-9B93-6678C0E59E91", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.1.1:*:*:*:*:ruby:*:*", matchCriteriaId: "9575E1DD-F8FD-4D30-94FC-0903A5C880C1", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.1.2:*:*:*:*:ruby:*:*", matchCriteriaId: "1D406277-1F89-4B5B-B2DE-FF875F16045E", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.1.3:*:*:*:*:ruby:*:*", matchCriteriaId: "06B2A5FC-F95C-4645-9944-1556441EFCE3", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.1.4:*:*:*:*:ruby:*:*", matchCriteriaId: "EAEC4F02-2F65-4102-9C20-FD09439340FB", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.1.5:*:*:*:*:ruby:*:*", matchCriteriaId: "8012CC6B-147B-4098-AEF5-273662549248", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.1.6:*:*:*:*:ruby:*:*", matchCriteriaId: "02949A0C-52BA-4519-9236-116062644E13", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.2.0:*:*:*:*:ruby:*:*", matchCriteriaId: "1076DC7A-C9FE-4D59-9E83-F018FDAC67F4", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.3.0:*:*:*:*:ruby:*:*", matchCriteriaId: "A97B76A9-B09F-4014-9C70-49642C04A375", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.3.1:*:*:*:*:ruby:*:*", matchCriteriaId: "B9680911-AD8E-4B3E-A766-3EC01C8ED64E", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.3.2:*:*:*:*:ruby:*:*", matchCriteriaId: "B040BF93-15A9-4500-86A3-573D2FEA1BE0", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.3.3:*:*:*:*:ruby:*:*", matchCriteriaId: "09E23352-72CD-4B0A-89A4-DE01A0F82E57", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.3.4:*:*:*:*:ruby:*:*", matchCriteriaId: "8B3F55EB-B6CC-4AE7-8935-CE0F2BFB10A3", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.4.0:*:*:*:*:ruby:*:*", matchCriteriaId: "EF94B020-F2D9-4F78-A924-28EFFEA7D1D9", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.5.0:*:*:*:*:ruby:*:*", matchCriteriaId: "C9288672-11DB-4F74-A6A1-61C2BE06C685", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.6.0:*:*:*:*:ruby:*:*", matchCriteriaId: "82C3CCAE-F8EB-4AFD-8392-22685DB19428", vulnerable: true, }, { criteria: "cpe:2.3:a:schneems:wicked:0.6.1:*:*:*:*:ruby:*:*", matchCriteriaId: "7956F067-453E-438E-A330-B0B4CB03265E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en controller/concerns/render_redirect.rb en la gema Wicked anterior a 1.0.1 para Ruby permite a atacantes remotos leer archivos arbitrarios a través de un %2E%2E%2F (punto punto barra codificado) en el paso.", }, ], id: "CVE-2013-4413", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-03-11T19:37:02.880", references: [ { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://seclists.org/oss-sec/2013/q4/43", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55151", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/62891", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://seclists.org/oss-sec/2013/q4/43", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55151", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/62891", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-06-11 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.", }, { lang: "es", value: "La librería BigDecimal en Ruby v1.8.6 anteriores p369 y v1.8.7, anteriores a p173 permite a los atacantes dependientes del contexto causar una denegación de servicio (caída de la aplicación) a través de un argumento de cadena de caracteres que representa un número largo, como se demuestra por un intento de conversión al tipo de dato Float.", }, ], id: "CVE-2009-1904", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-06-11T21:30:00.217", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689", }, { source: "cve@mitre.org", url: "http://bugs.gentoo.org/show_bug.cgi?id=273213", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master", }, { source: "cve@mitre.org", url: "http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { source: "cve@mitre.org", url: "http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html", }, { source: "cve@mitre.org", url: "http://osvdb.org/55031", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://redmine.ruby-lang.org/issues/show/794", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35399", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35527", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35593", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35699", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35937", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/37705", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200906-02.xml", }, { source: "cve@mitre.org", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT4077", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:160", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { source: "cve@mitre.org", url: "http://www.ruby-forum.com/topic/189071", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/35278", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1022371", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-805-1", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/1563", }, { source: "cve@mitre.org", url: "https://bugs.launchpad.net/bugs/385436", }, { source: "cve@mitre.org", url: "https://bugs.launchpad.net/bugs/cve/2009-1904", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51032", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.gentoo.org/show_bug.cgi?id=273213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/55031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://redmine.ruby-lang.org/issues/show/794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35399", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/37705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200906-02.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT4077", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2009-1140.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ruby-forum.com/topic/189071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/35278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1022371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-805-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/1563", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/bugs/385436", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/bugs/cve/2009-1904", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/51032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-31 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.0 | |
| ruby-lang | ruby | 2.3.1 | |
| ruby-lang | ruby | 2.3.2 | |
| ruby-lang | ruby | 2.3.3 | |
| ruby-lang | ruby | 2.3.4 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.0 | |
| ruby-lang | ruby | 2.4.1 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.4 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.4 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "20D4B423-C141-4B08-9FE4-2ADCB868A224", versionEndIncluding: "2.2.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "822307DD-7F7D-44C2-9C4B-CB8704663410", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:preview1:*:*:*:*:*:*", matchCriteriaId: "A2D62AC9-83B8-4C84-A47E-2B06C2816964", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.0:preview2:*:*:*:*:*:*", matchCriteriaId: "E583E49C-95B1-4AE4-AA7A-6D6BA7D470B4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "5F197C5A-2588-417F-A743-E72D1E8EF4F7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "FBA01BF1-91AD-4968-9AC2-A194FCD6AB76", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "B36CCD91-2A20-4C2E-96D5-73704DFC10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "485C401C-CC3B-4A74-82D6-F4539FFE48B8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F9E99F5A-E693-43E9-8AB3-A3FCB21BCF14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview1:*:*:*:*:*:*", matchCriteriaId: "9DDA92E9-C9CF-47B9-B647-0202D493D057", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview2:*:*:*:*:*:*", matchCriteriaId: "A682A487-A615-404C-A7D9-A28C0C31B4E7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3:*:*:*:*:*:*", matchCriteriaId: "8930BA64-E9BC-42E0-9D74-8FA2ABD1F692", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1:*:*:*:*:*:*", matchCriteriaId: "A87AE96A-F7FB-41A2-943C-DFAEA6D81446", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "946D2AB0-D334-4D94-BDA2-733BFC6C9E1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.", }, { lang: "es", value: "Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup en ext/json/ext/generator/generator.c, el cual se detendría después de encontrar un byte '\\0', devolviendo un puntero a un string de longitud cero, que no es la longitud almacenada en space_len.", }, ], id: "CVE-2017-14064", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-31T17:29:00.183", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100890", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/13853", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/209949", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-18", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3685-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3966", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100890", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1039363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.ruby-lang.org/issues/13853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/209949", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3685-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-03 22:29
Modified
2024-11-21 04:14
Severity ?
Summary
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.6.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "FDA970A9-AD36-44E1-B2CA-653A29A917FB", versionEndExcluding: "2.2.10", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "17DC7068-E1B8-4699-BDE0-14305D35D24B", versionEndExcluding: "2.3.7", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "7172D61A-F82C-4EB5-9763-611CFE08A09B", versionEndExcluding: "2.4.4", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "4A56E97B-C7E3-48AC-AAEF-4FA056276D03", versionEndExcluding: "2.5.1", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*", matchCriteriaId: "787FDFC6-E780-4F95-9E46-C5CF77E7EBC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.", }, { lang: "es", value: "En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, los métodos Dir.open, Dir.new, Dir.entries y Dir.empty? no comprueban los caracteres NULL. Al emplear el método correspondiente, podría realizarse un salto de directorio no intencionado.", }, ], id: "CVE-2018-8780", lastModified: "2024-11-21T04:14:17.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-03T22:29:00.947", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103739", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0663", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/103739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0663", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3626-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-09 00:41
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:fedora_8:1.8.6.230:*:*:*:*:*:*:*", matchCriteriaId: "6ACD50EB-CCC6-4D91-BF65-9EA96422393C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6.230:*:*:*:*:*:*:*", matchCriteriaId: "F05E84E7-AE21-4AA4-A595-459F4B87901B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.", }, { lang: "es", value: "Desbordamiento de entero en la función rb_ary_fill en array.c en Ruby antes de la revisión 17756 que permite a los atacantes dependientes de contesto causar una denegación de servicios (caída) o posiblemente otro impacto no especificado a través de la llamada al método Arrray#fill con un argumento de entrada (alias beg) mayor que ARY_MAX_SIZE NOTA: esto existe por un parche incompleto para otros desbordamientos de enteros", }, ], id: "CVE-2008-2376", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-07-09T00:41:00.000", references: [ { source: "secalert@redhat.com", url: "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30927", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/31006", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/31062", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/31090", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/31181", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/31256", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/32219", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/33178", }, { source: "secalert@redhat.com", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", }, { source: "secalert@redhat.com", url: "http://wiki.rpath.com/Advisories:rPSA-2008-0218", }, { source: "secalert@redhat.com", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2008/07/02/3", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/archive/1/494104/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-260A.html", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2008/2584", }, { source: "secalert@redhat.com", url: "https://issues.rpath.com/browse/RPL-2639", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863", }, { source: "secalert@redhat.com", url: "https://usn.ubuntu.com/651-1/", }, { source: "secalert@redhat.com", url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html", }, { source: "secalert@redhat.com", url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31090", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17756", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/Advisories:rPSA-2008-0218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/07/02/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/494104/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA08-260A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2584", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://issues.rpath.com/browse/RPL-2639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/651-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00161.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-30 14:15
Modified
2024-11-21 06:00
Severity ?
Summary
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://hackerone.com/reports/1131465 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1131465 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0004/ | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "E86E8BB6-83E7-47D6-80B2-BEFDA6A8D08D", versionEndExcluding: "2.7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D2EA779B-7F5D-4E60-95BB-2D565591F673", versionEndExcluding: "3.0.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.", }, { lang: "es", value: "En Ruby versiones hasta 3.0 en Windows, un atacante remoto puede enviar una ruta diseñada cuando una aplicación web maneja un parámetro con TmpDir", }, ], id: "CVE-2021-28966", lastModified: "2024-11-21T06:00:27.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-30T14:15:16.303", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1131465", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1131465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0004/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-13 01:41
Modified
2025-04-09 00:30
Severity ?
Summary
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 1.6.8 | |
| ruby-lang | ruby | 1.8.0 | |
| ruby-lang | ruby | 1.8.1 | |
| ruby-lang | ruby | 1.8.1 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.2 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.3 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.4 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.5 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.6 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.8.7 | |
| ruby-lang | ruby | 1.9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9721AB68-8002-4F85-98BC-0E6FDF7CDF6C", versionEndIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "46086C6A-9068-4959-BEE7-4D76BDEA3962", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "31160797-6920-4BA1-B355-1CCD1FCDBFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*", matchCriteriaId: "BC306E85-66D8-4384-BBC3-92DC99C85FC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "A5675C37-39EF-41EF-9A53-3FCE4CF23820", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*", matchCriteriaId: "39609530-0A81-481E-BDA4-5A98327EAD11", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*", matchCriteriaId: "C19ADE91-4D9E-43ED-A605-E504B9090119", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*", matchCriteriaId: "D89E3027-C2ED-4CC6-86F5-1B791576B6EF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "46F29ADA-E6DC-456F-9E63-C56C68EF7E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*", matchCriteriaId: "57B1C113-682E-4F7D-BCF0-E30C446C4AC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*", matchCriteriaId: "4BAF9471-B532-4194-AB3C-5AA28432FF27", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*", matchCriteriaId: "51BE9728-A5FE-486A-8DB9-711E46243132", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "7AC1B910-C0FA-4943-92B1-597842E84015", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*", matchCriteriaId: "A78ECCA9-6F07-4A63-8BF7-8D40F2439552", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*", matchCriteriaId: "14513719-4ED8-4EAB-B4D8-29849B868BA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*", matchCriteriaId: "92E3814D-BEEA-4E46-9CED-9D8059727D14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*", matchCriteriaId: "CA7D3F32-EFB7-4628-9328-36C6A306B399", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*", matchCriteriaId: "D1A95E9F-AEC5-4AF9-B7D9-52DDDECB7E77", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*", matchCriteriaId: "9328DE73-420B-4280-85A4-ABEFC4679676", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*", matchCriteriaId: "0F382FBD-6163-4A5B-AEB3-A15A843329F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*", matchCriteriaId: "4399121F-9BC7-4A67-8B0B-ED3B94A16D56", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*", matchCriteriaId: "BFE61EB9-2544-4E48-B313-63A99F4F5241", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*", matchCriteriaId: "6122187F-2371-429A-971B-419B4ACE8E18", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*", matchCriteriaId: "8A42425D-FF21-4863-B43D-EE100DBE6BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*", matchCriteriaId: "06512108-020D-4D71-8F60-6AA2052D7D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*", matchCriteriaId: "E2E152A5-F625-4061-AD8C-4CFA085B674F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*", matchCriteriaId: "756F5247-658C-412C-ACBF-CBE987DF748A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*", matchCriteriaId: "DF02372D-FD0B-453F-821E-1E0BA7900711", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*", matchCriteriaId: "ACC0DB90-C072-4BCB-9082-94394F547D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*", matchCriteriaId: "04579340-B53F-47B5-99C9-B647AAA3D303", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*", matchCriteriaId: "9D7F4162-108A-470B-8E6B-C009E8C56AEF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*", matchCriteriaId: "73AB0545-3D8D-4623-8381-D71DA44E3B5D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.", }, { lang: "es", value: "Una vulnerabilidad de complejidad algorítmica en la función WEBrick::HTTPUtils.split_header_value en WEBrick::HTTP::DefaultFileHandler en WEBrick en Ruby versiones 1.8.5 y anteriores, versiones 1.8.6 hasta 1.8.6-p286, versiones 1.8.7 hasta 1.8.7-p71, y versiones 1.9 hasta r18423, permite a los atacantes dependiendo del contexto causar una denegación de servicio (consumo de CPU) por medio de una petición HTTP diseñada que se procesa mediante una expresión regular backtracking.", }, ], id: "CVE-2008-3656", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-13T01:41:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31430", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31697", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32165", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32219", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32255", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32256", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32371", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/35074", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3549", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "cve@mitre.org", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30644", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020654", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44371", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/651-1/", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/35074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/651-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-04 15:15
Modified
2024-11-21 04:56
Severity ?
Summary
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | 2.7.0 | |
| linux | linux_kernel | - | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "8F9FF206-523F-4E17-8BDB-67677576B376", versionEndIncluding: "2.5.7", versionStartIncluding: "2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D4FC67C1-28AC-4E34-A89C-33892FF0BEA2", versionEndIncluding: "2.6.5", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "9E0F180A-5E99-4040-8D78-4A6A0CF97FEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.", }, { lang: "es", value: "Se descubrió un problema en Ruby versiones 2.5.x hasta 2.5.7, versiones 2.6.x hasta 2.6.5, y versión 2.7.0. Si una víctima llama a BasicSocket#read_nonblock(requested_size, buffer, exception: false), el método redimensiona el buffer para ajustarlo al tamaño requerido, pero ningún dato es copiado. Por lo tanto, la cadena del búfer proporciona el valor previo de la pila. Esto puede exponer datos posiblemente confidenciales del intérprete.", }, ], id: "CVE-2020-10933", lastModified: "2024-11-21T04:56:23.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-04T15:15:13.963", references: [ { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200625-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4721", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200625-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-908", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-10-11 10:51
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\\Ruby193\\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation", }, { lang: "es", value: "** DISPUTADA** Vulnerabilidad de path de búsqueda no confiable en la funcionalidad de instalación de Ruby 1.9.3-p194, cuando está instalada en el directorio C:\\, podría permitir a usuarios locales obetner privilegios a través de un fichero DLL troyanizado en el directorio \"C:\\Ruby193\\bin\", el cual puede ser añadido a la variable de entorno PATH por un adminsitrador, como se demostró con el fichero wlbsctrl.dll troyanizado usado en el servicio de sistema \"IKE and AuthIP IPsec Keying Modules\" en Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, y Windows 8 Release Preview. NOTA: CVE disputa esta vulnerabilidad debida a un problema con PATH, que es un problema administrativo, y no es una parte por defecto de la instalación de Ruby.", }, ], evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'\r\n\r\n", id: "CVE-2012-5380", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 6, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:H/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 1.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2012-10-11T10:51:57.500", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://www.htbridge.com/advisory/HTB23108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.htbridge.com/advisory/HTB23108", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", matchCriteriaId: "94F5AA37-B466-4E2E-B217-5119BADDD87B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", matchCriteriaId: "6DF0F0F5-4022-4837-9B40-4B1127732CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", matchCriteriaId: "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.", }, { lang: "es", value: "Ruby v1.9.3 antes patchlevel 286 y v2.0 antes de la revisión r37068 permite a atacantes dependientes de contexto para evitar las restricciones de seguridad de nivel y modifican a través de las cadenas untainted (1) exc_to_s o (2) la función API name_err_to_s, que marca la cadena como contaminada, un diferentes vulnerabilidad a CVE-2012-4466. NOTA: este problema puede existir como consecuencia de una CVE-2011-1005 de regresión.", }, ], id: "CVE-2012-4464", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-04-25T23:55:01.310", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=862598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/02/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/03/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=862598", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-25 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| plataformatec | devise | 1.5.0 | |
| plataformatec | devise | 1.5.1 | |
| plataformatec | devise | 1.5.2 | |
| plataformatec | devise | 1.5.3 | |
| plataformatec | devise | 2.0.0 | |
| plataformatec | devise | 2.0.1 | |
| plataformatec | devise | 2.0.2 | |
| plataformatec | devise | 2.0.3 | |
| plataformatec | devise | 2.0.4 | |
| plataformatec | devise | 2.1.0 | |
| plataformatec | devise | 2.1.1 | |
| plataformatec | devise | 2.1.2 | |
| plataformatec | devise | 2.2.0 | |
| plataformatec | devise | 2.2.1 | |
| plataformatec | devise | 2.2.2 | |
| ruby-lang | ruby | * | |
| opensuse | opensuse | 12.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:plataformatec:devise:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A4F9C7C7-7723-43D4-91F6-6186D9C9BB10", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "70B06452-931F-4975-84A3-36C1364C9C11", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:1.5.2:*:*:*:*:*:*:*", matchCriteriaId: "C259DDDF-BC40-46F5-BFFA-0FF2C93E62B0", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:1.5.3:*:*:*:*:*:*:*", matchCriteriaId: "6B7320C8-E9CB-4954-AE38-2EB81C1BE4E4", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5682C78A-1FC7-41F8-873E-C61EC8CEA475", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5B10284E-9813-4941-9D46-A2E6A7E4B3D0", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "43680C09-6447-4567-9693-09EABE846CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "C3096DCF-E91B-4D83-BD15-28D42C12F3B9", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E5C542B5-B5DE-462F-82F8-854837DA1B1D", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3CD02E50-A2C8-43CC-A839-E5CA4A208EC2", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "49F151AD-49A1-4B6C-BD13-EAC3C9329D56", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "9785762C-15CA-4511-AE99-63063E1C4D91", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A3646CD4-0C1D-43F7-9259-A6F6D6F8FE4C", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "DB24CBA3-26EA-4B6C-9EBF-018A8004BFE5", vulnerable: true, }, { criteria: "cpe:2.3:a:plataformatec:devise:2.2.2:*:*:*:*:*:*:*", matchCriteriaId: "5FB39D4E-850B-4D13-9B2B-F8DBE707F5E7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.", }, { lang: "es", value: "Devise v2.2.x antes de v2.2.3, v2.1.x antes de v2.1.3, v2.0.x antes de v2.0.5, v1.5.x antes de v1.5.4 de Ruby, al utilizar ciertas bases de datos, no funciona correctamente cuando se realiza la conversión de tipos consultas de base de datos, lo que podría permitir a atacantes remotos provocar resultados incorrectos para ser devueltos y eludir los controles de seguridad a través de vectores desconocidos, como lo demuestra restablecer las contraseñas de las cuentas arbitrarias.", }, ], evaluatorImpact: "Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html\r\n\"Affected Products:\r\nopenSUSE 12.2\"", id: "CVE-2013-0233", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-04-25T23:55:01.460", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/01/29/3", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/57577", }, { source: "secalert@redhat.com", url: "https://github.com/Snorby/snorby/issues/261", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/01/29/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/57577", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/Snorby/snorby/issues/261", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-06 13:15
Modified
2024-11-21 05:18
Severity ?
Summary
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D2D8FEE5-99D0-413E-8482-0479BBC81443", versionEndIncluding: "2.5.8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D79041FB-E10A-4907-805C-45FA8428FF29", versionEndIncluding: "2.6.6", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3908BC67-A30E-4F56-9836-81FBB0754110", versionEndIncluding: "2.7.1", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:webrick:*:*:*:*:*:ruby:*:*", matchCriteriaId: "5A33AE4F-9A47-4D28-8BBC-9DF4CCDA8915", versionEndIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.", }, { lang: "es", value: "Se detectó un problema en Ruby versiones hasta 2.5.8, versiones 2.6.x hasta 2.6.6 y versiones 2.7.x hasta 2.7.1. WEBrick, un simple servidor HTTP integrado con Ruby, no había comprobado rigurosamente el valor del encabezado transfer-encoding. Un atacante puede explotar potencialmente este problema para omitir un proxy inverso (que también presenta una comprobación de encabezado deficiente), que puede conllevar a un ataque de Trafico Inapropiado de Peticiones HTTP", }, ], id: "CVE-2020-25613", lastModified: "2024-11-21T05:18:14.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-06T13:15:13.823", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/965267", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210115-0008/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/965267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210115-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-06-24 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D65BD5CD-5ECE-4294-B8E6-D0276FE8CC98", versionEndIncluding: "1.8.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3A289D5F-E8F3-4102-BF83-C63114DFE32C", versionEndExcluding: "1.8.5.231", versionStartExcluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "ABA0AC75-6B7E-48BD-891F-3FB312B9BA25", versionEndExcluding: "1.8.6.230", versionStartIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "5EDF7713-E20F-4EED-A323-98902450FD09", versionEndExcluding: "1.8.7.22", versionStartIncluding: "1.8.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", matchCriteriaId: "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", matchCriteriaId: "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, { lang: "es", value: "Múltiples desbordamientos de entero en la función rb_ary_store de Ruby 1.8.4 y anteriores, 1.8.5 anterior a 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230 y 1.8.7 anterior a 1.8.7-p22 permite a atacantes dependientes del contexto ejecutar código de su elección mediante vectores desconocidos, un problema distinto a CVE-2008-2662, CVE-2008-2664 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. La descripción CVE debe tomarse como autorizada aunque probablemente cambie.", }, ], id: "CVE-2008-2663", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-06-24T19:41:00.000", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43346", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43346", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-08-05 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:p111:*:*:*:*:*:*", matchCriteriaId: "07C1F5A4-4408-4E17-8439-40E6AADF6F18", versionEndIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*", matchCriteriaId: "DF02372D-FD0B-453F-821E-1E0BA7900711", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*", matchCriteriaId: "FB0372E4-FE3E-49CD-AF55-E2E4518D34F5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.", }, { lang: "es", value: "Ruby en versiones anteriores a la 1.8.6-p114 no resetea la semilla aleatoria después de la creacción de procesos (\"forking\"), lo que facilita a atacantes, dependiendo del contexto, predecir el valor de números aleatorios basándose en el conocimiento del número de secuencia obtenido en un proceso hijo distinto. Un problema relacionado con el CVE-2003-0900.", }, ], id: "CVE-2011-3009", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-08-05T22:55:01.547", references: [ { source: "cve@mitre.org", url: "http://redmine.ruby-lang.org/issues/show/4338", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/49126", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://redmine.ruby-lang.org/issues/show/4338", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-0070.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2011/07/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-1581.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/49126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-01-03 18:54
Modified
2025-04-11 00:51
Severity ?
Summary
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-1136.html | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=892813 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1136.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=892813 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phusion | passenger | * | |
| phusion | passenger | 3.0.0 | |
| phusion | passenger | 3.0.1 | |
| phusion | passenger | 3.0.2 | |
| phusion | passenger | 3.0.3 | |
| phusion | passenger | 3.0.4 | |
| phusion | passenger | 3.0.5 | |
| phusion | passenger | 3.0.6 | |
| phusion | passenger | 3.0.7 | |
| phusion | passenger | 3.0.8 | |
| phusion | passenger | 3.0.9 | |
| phusion | passenger | 3.0.10 | |
| phusion | passenger | 3.0.11 | |
| phusion | passenger | 3.0.12 | |
| phusion | passenger | 3.0.13 | |
| phusion | passenger | 3.0.14 | |
| phusion | passenger | 3.0.15 | |
| phusion | passenger | 3.0.17 | |
| phusion | passenger | 3.0.18 | |
| phusion | passenger | 3.0.19 | |
| phusion | passenger | 4.0.1 | |
| phusion | passenger | 4.0.2 | |
| phusion | passenger | 4.0.3 | |
| phusion | passenger | 4.0.4 | |
| ruby-lang | ruby | * | |
| redhat | openshift | 1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*", matchCriteriaId: "EAC9E6F6-1C3C-4270-8360-97C0D1907D0C", versionEndIncluding: "3.0.20", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "079D1872-7E1B-4A66-9B3C-7FFC842A7BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD8C8495-4011-4B96-BB78-430B1F508548", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0D3426ED-FAD6-47C5-94D3-A8BACFBEF270", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6CD685C8-82D3-497A-84E9-238D19F15FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "40AD3808-45E1-4889-98AF-4267B9DB17A6", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "36FCE653-AFE2-4291-872E-9CA8772F0CAD", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "5EF4B9EF-23CC-46E3-8700-36633924B9CF", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4BAC8504-4F89-49AD-A06F-6A5A5B1DA34E", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*", matchCriteriaId: "522C4CC8-9B97-4E1D-B82B-073D14444909", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*", matchCriteriaId: "E9FEA652-5FFF-443F-983B-4FC5A4478F9E", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*", matchCriteriaId: "3907694B-8E1A-4C5B-ABF0-90F023845557", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*", matchCriteriaId: "D2AA53B5-4F58-4D38-80D7-42771F2C295C", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*", matchCriteriaId: "4472ABCB-B464-4640-A892-73B4C8CB609F", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*", matchCriteriaId: "0A2AA0F1-AB6F-4583-9AB1-38B7F69CE96D", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*", matchCriteriaId: "8EDAC43A-BC17-4F1E-BFF6-4C9180817E5A", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*", matchCriteriaId: "49FEE58A-FFDD-4E00-94F7-947D32CC1350", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*", matchCriteriaId: "09AFC97E-37EF-4D68-B947-C8FB43A11245", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*", matchCriteriaId: "E2267254-554B-4AF2-A72B-0E346E4657C3", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*", matchCriteriaId: "5C406BAD-DCF8-4C46-9731-A81EBF387F68", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E3C18671-5FB1-4C97-9FDD-6D495A748DF9", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "ECFAD875-6DB0-4D40-9A11-E02DA954B197", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A1CC46D4-E33E-467C-B5C7-8F371D906A46", vulnerable: true, }, { criteria: "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "2595C046-B304-42F3-8194-C259EFDBCA76", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift:1.0:*:enterprise:*:*:*:*:*", matchCriteriaId: "E038BCDC-E14F-4D37-981C-BB80853C148C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem.", }, { lang: "es", value: "Las versiones 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permite a usuarios locales causar denegación de servicio (prevención de inicio de la aplicación) u obtener privilegios creando un fichero \"config\" temporal en un directorio con un nombre predecible en /tmp/ antes de que sea utilizado por la gema.", }, ], id: "CVE-2013-2119", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-01-03T18:54:11.350", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-1136.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=892813", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-04 23:44
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:webrick:-:*:*:*:*:ruby:*:*", matchCriteriaId: "8D531565-E826-4586-8A8A-B2C0206498D4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3F33562B-11B4-4362-81EB-6A5181CA236C", versionEndExcluding: "1.8.5.115", versionStartIncluding: "1.8.0", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "6D2EA115-6DE0-4633-A1AE-3069AC947973", versionEndExcluding: "1.8.6.114", versionStartIncluding: "1.8.6", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "75AFC571-21D8-40F5-A0CF-20D3EC4E5FC3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*", matchCriteriaId: "E3EFD171-01F7-450B-B6F3-0F7E443A2337", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", matchCriteriaId: "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) \"..%5c\" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.", }, { lang: "es", value: "Una vulnerabilidad de salto de directorio en WEBrick en Ruby versiones 1.8 anteriores a 1.8.5-p115 y 1.8.6-p114, y versiones 1.9 hasta 1.9.0-1, cuando se ejecuta en sistemas que admiten separadores de ruta de barra invertida (\\) o nombres de archivo sin distinción entre mayúsculas y minúsculas, permite a atacantes remotos acceder a archivos arbitrarios por medio de secuencias o (1) \"..%5c\" (barra invertida codificada) o (2) nombres de archivo que coinciden con los patrones de la opción :NondisclosureName.", }, ], id: "CVE-2008-1145", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-04T23:44:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Broken Link", "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/29232", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/29357", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/29536", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/30802", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/31687", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/32371", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/Advisories:rPSA-2008-0123", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/404515", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/489205/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/489218/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/490056/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/28123", }, { source: "secalert@redhat.com", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1019562", }, { source: "secalert@redhat.com", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2008/0787", }, { source: "secalert@redhat.com", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41010", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2338", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/5215", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Mailing List", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/29232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/29357", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/29536", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/31687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/32371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/Advisories:rPSA-2008-0123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/404515", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/489205/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/489218/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/490056/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/28123", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1019562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2008/0787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2338", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/5215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html", }, ], sourceIdentifier: "secalert@redhat.com", vendorComments: [ { comment: "This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html", lastModified: "2008-12-04T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-04-24 23:55
Modified
2025-04-12 10:46
Severity ?
Summary
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", matchCriteriaId: "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", matchCriteriaId: "D2423B85-0971-42AC-8B64-819008BC5778", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", matchCriteriaId: "1C663278-3B2A-4B7C-959A-2AA804467F21", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", matchCriteriaId: "B7927149-A76A-48BC-8405-7375FC7D7486", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", matchCriteriaId: "CB116A84-1652-4F5D-98AC-81F0349EEDC0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", matchCriteriaId: "259C21E7-6084-4710-9BB3-C232942A451E", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "285A3431-BDFE-40C5-92CD-B18217757C23", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "D66B32CB-AC49-4A1C-85ED-6389F27CB319", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*", matchCriteriaId: "77020036-DC99-461B-9A36-E8C0BE44E6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*", matchCriteriaId: "7A2C6617-222D-4EA3-A194-4D69B10197DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8DF046E4-503B-4A10-BEAB-3144BD86EA49", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher", }, { lang: "es", value: "** DISPUTADA ** La extensión openssl en Ruby 2.x no mantiene correctamente el estado de la memoria de procesos después de la reapertura de un fichero, lo que permite a atacantes remotos falsificar firmas dentro del contexto de una secuencia de comandos Ruby que intenta la verificación de firmas después de realizar cierta secuencia de operaciones del sistema de ficheros. NOTA: este problema ha sido disputado por el equipo OpenSSL de Ruby y terceras partes, que dicen que la demostración PoC original contiene errores y código redundante o innecesariamente complejo que no parece estar relacionado con una demostración del problema. Desde 02052014, CVE no está consciente de ningún comentario público por parte del investigador original.", }, ], id: "CVE-2014-2734", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-04-24T23:55:05.707", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2014/Apr/231", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2014/May/13", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/106006", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/66956", }, { source: "cve@mitre.org", url: "https://gist.github.com/10446549", }, { source: "cve@mitre.org", url: "https://gist.github.com/emboss/91696b56cd227c8a0c13", }, { source: "cve@mitre.org", url: "https://github.com/adrienthebo/cve-2014-2734/", }, { source: "cve@mitre.org", url: "https://news.ycombinator.com/item?id=7601973", }, { source: "cve@mitre.org", url: "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2014/Apr/231", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2014/May/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/106006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/66956", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://gist.github.com/10446549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://gist.github.com/emboss/91696b56cd227c8a0c13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/adrienthebo/cve-2014-2734/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://news.ycombinator.com/item?id=7601973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-07-12 13:27
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | 1.9.0-0 | |
| ruby-lang | ruby | 1.9.0-1 | |
| ruby-lang | ruby | 1.9.0-2 | |
| ruby-lang | ruby | 1.9.0-20060415 | |
| ruby-lang | ruby | 1.9.0-20070709 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| ruby-lang | ruby | 1.9.1 | |
| microsoft | windows | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:*", matchCriteriaId: "A2D5127F-1E79-4F83-8BB0-C479B6CFE9AE", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:*", matchCriteriaId: "31181BA2-71A7-40C8-9E08-8FEAB013977B", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:*", matchCriteriaId: "EB8F3772-C973-41DB-AB3A-F4323418FC7F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:*", matchCriteriaId: "A688B357-7096-4362-A7DD-5A24FB0AF431", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:*", matchCriteriaId: "46913DE9-8AE6-40E5-AEA1-6D2524EE7581", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:*", matchCriteriaId: "470CF526-96F6-4DD1-B687-17106051A6D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:*", matchCriteriaId: "52159D9F-8CD3-4103-82E6-BDE035BA3625", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:*", matchCriteriaId: "EC0FD3F8-73A3-4518-8892-1E34D709FB89", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*", matchCriteriaId: "4B846CCE-7D1D-4A7E-95D8-50F92CF79AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:*", matchCriteriaId: "CB99DD31-7355-4FF1-AE41-CC156F83D7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1:*:*:*:*:*:*", matchCriteriaId: "A7E15263-74D3-42D4-B37C-C649F68EDECC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2:*:*:*:*:*:*", matchCriteriaId: "BA7FEA9B-06CE-4D08-9D61-2526ED5AE630", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1:*:*:*:*:*:*", matchCriteriaId: "0D7F7EA5-7F6C-4C15-AB97-024836DC4862", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2:*:*:*:*:*:*", matchCriteriaId: "236B38D1-0CCA-43C5-B2FC-1224F4F4E165", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", matchCriteriaId: "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.", }, { lang: "es", value: "Desbordamiento de búfer en Ruby v1.9.x anterior v1.9.1-p429 en Windows puede permitir a usuarios locales ganar privilegios mediante un valor ARGF.inplace_mode manipulado que no es correctamente manejado cuando construye los nombres de archivos de los ficheros backup", }, ], id: "CVE-2010-2489", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-07-12T13:27:27.813", references: [ { source: "secalert@redhat.com", url: "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40442", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", }, { source: "secalert@redhat.com", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/07/02/1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/07/02/10", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/66040", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/41321", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osdir.com/ml/ruby-talk/2010-07/msg00095.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/07/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/07/02/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/66040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/41321", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/60135", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-11-23 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8:*:*:*:*:*:*:*", matchCriteriaId: "3EA01D6F-3B61-44EC-A6EA-9E878A0D5B99", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", matchCriteriaId: "D9237145-35F8-4E05-B730-77C0F386E5B2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", matchCriteriaId: "C78BB1D8-0505-484D-B824-1AA219F8B247", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", matchCriteriaId: "5178D04D-1C29-4353-8987-559AA07443EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", matchCriteriaId: "D0535DC9-EB0E-4745-80AC-4A020DF26E38", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*", matchCriteriaId: "7A2C6617-222D-4EA3-A194-4D69B10197DE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.", }, { lang: "es", value: "Desbordamiento de buffer basado en memoria dinámica en Ruby 1.8, 1.9 anteriores a 1.9.3-p484, 2.0 anteriores a 2.0.0-p353, 2.1 anteriores a 2.1.0 preview2, y \"trunk\" anteriores a la revisión 43780 permite a atacatnes dependientes del contexto causar denegación de servicio (segmentation fault) y posiblemente ejecutar código arbitrario a través de una cadena de texto que es convertida a un número en punto flotante, como demostrado utilizando (1) el método to_f o (2) JSON.parse.", }, ], id: "CVE-2013-4164", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-11-23T19:55:03.517", references: [ { source: "secalert@redhat.com", url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { source: "secalert@redhat.com", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/100113", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1763.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1764.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-1767.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-0011.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-0215.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55787", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/57376", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2809", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2810", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/63873", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2035-1", }, { source: "secalert@redhat.com", url: "https://puppet.com/security/cve/cve-2013-4164", }, { source: "secalert@redhat.com", url: "https://support.apple.com/kb/HT6536", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", }, { source: "secalert@redhat.com", url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/100113", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1763.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1764.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-1767.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-0011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-0215.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/55787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/57376", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/63873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2035-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://puppet.com/security/cve/cve-2013-4164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.apple.com/kb/HT6536", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-12-09 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "31160797-6920-4BA1-B355-1CCD1FCDBFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*", matchCriteriaId: "C80BDE13-9CBB-4A5F-9BF4-BEB907CED271", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.", }, { lang: "es", value: "El archivo httputils.rb en WEBrick en Ruby versiones 1.8.1 y 1.8.5, tal y como es usado en versiones 4 y 5 de Red Hat Enterprise Linux, permite a los atacantes remotos causar una denegación de servicio (consumo de CPU) por medio de una petición HTTP diseñada. NOTA: este problema se presenta debido a una corrección incompleta del CVE-2008-3656.", }, ], id: "CVE-2008-4310", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-12-09T00:30:00.220", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33013", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2008/12/04/2", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2008-0981.html", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=470252", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/12/04/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0981.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=470252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-13 13:15
Modified
2024-11-21 06:06
Severity ?
Summary
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 9.0 | |
| oracle | jd_edwards_enterpriseone_tools | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "EF4F2191-A77B-45F1-BA1E-F36F7F357704", versionEndIncluding: "2.6.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D29D5386-D306-4CB4-82EC-678319F0101D", versionEndIncluding: "2.7.3", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "528E25B8-22A4-4AAF-9582-76BCDF3705B5", versionEndIncluding: "3.0.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "D1298AA2-0103-4457-B260-F976B78468E7", versionEndExcluding: "9.2.6.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).", }, { lang: "es", value: "Se ha detectado un problema en Ruby versiones hasta 2.6.7, versiones 2.7.x hasta 2.7.3, y versiones 3.x hasta 3.0.1. Un servidor FTP malicioso puede usar la respuesta PASV para engañar a la función Net::FTP para que se conecte de nuevo a una dirección IP y un puerto determinados. Esto potencialmente hace que curl extraiga información sobre servicios que de otra manera son privados y no son divulgados (por ejemplo, el atacante puede conducir escaneos de puertos y extracciones de banners de servicios)", }, ], id: "CVE-2021-31810", lastModified: "2024-11-21T06:06:16.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-13T13:15:09.243", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1145454", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210917-0001/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1145454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210917-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-13 01:41
Modified
2025-04-09 00:30
Severity ?
Summary
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9721AB68-8002-4F85-98BC-0E6FDF7CDF6C", versionEndIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*", matchCriteriaId: "46086C6A-9068-4959-BEE7-4D76BDEA3962", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "31160797-6920-4BA1-B355-1CCD1FCDBFC8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*", matchCriteriaId: "BC306E85-66D8-4384-BBC3-92DC99C85FC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*", matchCriteriaId: "A5675C37-39EF-41EF-9A53-3FCE4CF23820", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*", matchCriteriaId: "39609530-0A81-481E-BDA4-5A98327EAD11", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*", matchCriteriaId: "C19ADE91-4D9E-43ED-A605-E504B9090119", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*", matchCriteriaId: "D89E3027-C2ED-4CC6-86F5-1B791576B6EF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*", matchCriteriaId: "46F29ADA-E6DC-456F-9E63-C56C68EF7E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*", matchCriteriaId: "57B1C113-682E-4F7D-BCF0-E30C446C4AC7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*", matchCriteriaId: "4BAF9471-B532-4194-AB3C-5AA28432FF27", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*", matchCriteriaId: "51BE9728-A5FE-486A-8DB9-711E46243132", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*", matchCriteriaId: "7AC1B910-C0FA-4943-92B1-597842E84015", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*", matchCriteriaId: "A78ECCA9-6F07-4A63-8BF7-8D40F2439552", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*", matchCriteriaId: "14513719-4ED8-4EAB-B4D8-29849B868BA0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*", matchCriteriaId: "92E3814D-BEEA-4E46-9CED-9D8059727D14", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*", matchCriteriaId: "CA7D3F32-EFB7-4628-9328-36C6A306B399", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*", matchCriteriaId: "D1A95E9F-AEC5-4AF9-B7D9-52DDDECB7E77", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*", matchCriteriaId: "9328DE73-420B-4280-85A4-ABEFC4679676", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*", matchCriteriaId: "0F382FBD-6163-4A5B-AEB3-A15A843329F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*", matchCriteriaId: "4399121F-9BC7-4A67-8B0B-ED3B94A16D56", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*", matchCriteriaId: "BFE61EB9-2544-4E48-B313-63A99F4F5241", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*", matchCriteriaId: "6122187F-2371-429A-971B-419B4ACE8E18", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*", matchCriteriaId: "8A42425D-FF21-4863-B43D-EE100DBE6BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*", matchCriteriaId: "06512108-020D-4D71-8F60-6AA2052D7D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*", matchCriteriaId: "E2E152A5-F625-4061-AD8C-4CFA085B674F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*", matchCriteriaId: "756F5247-658C-412C-ACBF-CBE987DF748A", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*", matchCriteriaId: "876B2575-4F81-4A70-9A88-9BEE44649626", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*", matchCriteriaId: "DF02372D-FD0B-453F-821E-1E0BA7900711", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*", matchCriteriaId: "0A6ED369-E564-4D4F-9E23-A8125194EAD0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*", matchCriteriaId: "ACC0DB90-C072-4BCB-9082-94394F547D35", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*", matchCriteriaId: "4D7ED62B-4D88-46A4-A0A3-BD37E66A5211", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*", matchCriteriaId: "072A0C3C-9F47-4DC7-96EA-7980B45429DD", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*", matchCriteriaId: "FB0372E4-FE3E-49CD-AF55-E2E4518D34F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*", matchCriteriaId: "04579340-B53F-47B5-99C9-B647AAA3D303", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*", matchCriteriaId: "9D7F4162-108A-470B-8E6B-C009E8C56AEF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*", matchCriteriaId: "73AB0545-3D8D-4623-8381-D71DA44E3B5D", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*", matchCriteriaId: "2D86FC99-3521-4E22-8FD3-65CEB05A6342", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*", matchCriteriaId: "84A291B0-EABD-4572-B8E2-2457DBAEDC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*", matchCriteriaId: "1FE05F3A-A8B5-45EE-BF52-D55E2768F890", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*", matchCriteriaId: "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*", matchCriteriaId: "4E37786B-5336-4182-A1E3-801BDB6F61EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*", matchCriteriaId: "349D014E-223A-46A7-8334-543DB330C215", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*", matchCriteriaId: "550EC183-43A1-4A63-A23C-A48C1F078451", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*", matchCriteriaId: "0ACECF59-AA88-4B5C-A671-83842C9CF072", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "52179EC7-CAF0-42AA-A21A-7105E10CA122", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.", }, { lang: "es", value: "Ruby versiones 1.8.5 y anteriores, versiones 1.8.6 hasta 1.8.6-p286, versiones 1.8.7 hasta 1.8.7-p71, y versiones 1.9 hasta r18423, no restringe apropiadamente el acceso a variables y métodos críticos en varios niveles seguros, lo que permite a los atacantes dependiendo del contexto omitir las restricciones de acceso previstas por medio de (1) untrace_var, (2) $PROGRAM_NAME, y (3) syslog en nivel seguro 4 y (4) métodos no confiables en los niveles seguros 1 a 3.", }, ], id: "CVE-2008-3655", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-13T01:41:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { source: "cve@mitre.org", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31430", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31697", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32165", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32219", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32255", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32256", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32371", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32372", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35074", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "cve@mitre.org", url: "http://support.apple.com/kb/HT3549", }, { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "cve@mitre.org", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/30644", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020656", }, { source: "cve@mitre.org", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/651-1/", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.apple.com/kb/HT3549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.debian.org/security/2008/dsa-1651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0895.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2008-0897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/495884/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/30644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-133A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2008/2334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/651-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-06-24 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| ruby-lang | ruby | * | |
| debian | debian_linux | 4.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D65BD5CD-5ECE-4294-B8E6-D0276FE8CC98", versionEndIncluding: "1.8.4", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "C1836C3C-2EE4-43D0-965A-0269948C282B", versionEndExcluding: "1.8.5.231", versionStartIncluding: "1.8.5", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "ABA0AC75-6B7E-48BD-891F-3FB312B9BA25", versionEndExcluding: "1.8.6.230", versionStartIncluding: "1.8.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "5EDF7713-E20F-4EED-A323-98902450FD09", versionEndExcluding: "1.8.7.22", versionStartIncluding: "1.8.7", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "9DDF08CB-5F01-49ED-9DDB-ED39C8B0423E", versionEndExcluding: "1.9.0.2", versionStartIncluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", matchCriteriaId: "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", matchCriteriaId: "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.", }, { lang: "es", value: "Un desbordamiento de enteros en la función (1) rb_ary_splice en Ruby versión 1.8.4 y anteriores, versión 1.8.5 anterior a 1.8.5-p231, versión 1.8.6 anterior a 1.8.6-p230, versión 1.8.7 anterior a 1.8.7-p22, y versión 1.9.0 anterior a 1.9.0-2; y (2) la función rb_ary_replace en versión 1.6.x, permite a los atacantes dependiendo del contexto desencadenar una corrupción en la memoria, también se conoce como el problema \"beg + rlen\". NOTA: a partir de 20080624, ha habido un uso incoherente de varios identificadores CVE relacionados con Ruby. La descripción del CVE debe considerarse autorizada, aunque es probable que cambie.", }, ], id: "CVE-2008-2726", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-06-24T19:41:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30867", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30875", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31090", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/31687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/33178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200812-17.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT2163", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0561.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ruby-forum.com/topic/157034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/493688/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/usn-621-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1907/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1981/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://issues.rpath.com/browse/RPL-2626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }