Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-4164

Опубликовано: 22 нояб. 2013
Источник: redhat
CVSS2: 7.5

Описание

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

Отчет

This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5mingw-rubyAffected
OpenShift Enterprise 1ruby193-rubyWill not fix
Red Hat Enterprise Linux 4rubyNot affected
Red Hat Enterprise Linux 5rubyNot affected
Red Hat Enterprise Linux 7rubyNot affected
Red Hat OpenStack Platform 4ruby193-rubyAffected
Red Hat Satellite 6ruby193-rubyAffected
Red Hat Subscription Asset Managerruby193-rubyAffected
CloudForms Management Engine 5.xcfmeFixedRHSA-2014:021511.03.2014
CloudForms Management Engine 5.xruby193-rubyFixedRHSA-2014:021511.03.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-228->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1033460ruby: heap overflow in floating point parsing

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-4164

ubuntu
почти 12 лет назад

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

nvd логотип

CVE-2013-4164

nvd
почти 12 лет назад

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

debian логотип

CVE-2013-4164

debian
почти 12 лет назад

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 bef ...

github логотип

GHSA-j98q-m2w8-57rc

github
больше 3 лет назад

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

oracle-oval логотип

ELSA-2013-1764

oracle-oval
почти 12 лет назад

ELSA-2013-1764: ruby security update (CRITICAL)

7.5 High

CVSS2