exploitDog

CVE-2013-4287

Published: 09 Sep 2013
Source: redhat
CVSS2: 2.6
EPSS: Low

Description

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

Report

Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat OpenShift Enterprise Life Cycle: https://access.redhat.com/site/support/policy/updates/openshift.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rubygems | Affected | | |
| OpenShift Enterprise 1 | ruby193-ruby | Will not fix | | |
| OpenShift Enterprise 1 | rubygems | Will not fix | | |
| Red Hat Enterprise Linux 7 | ruby | Not affected | | |
| Red Hat OpenStack Platform 4 | ruby193-rubygems | Affected | | |
| Red Hat Satellite 6 | ruby193-rubygems | Will not fix | | |
| Red Hat Satellite 6 | rubygems | Will not fix | | |
| Red Hat Subscription Asset Manager | ruby193-rubygems | Affected | | |
| Red Hat Subscription Asset Manager | rubygems | Will not fix | | |
| OpenStack 3 for RHEL 6 | ruby193-ruby | Fixed | RHSA-2013:1523 | 14.11.2013 |

Additional information

Status: Moderate
Defect: CWE-407->CWE-400
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1002364 (rubygems: version regex algorithmic complexity vulnerability)

EPSS

Percentile: 85%
0.02737
Low

2.6 Low

CVSS2

Related vulnerabilities

ubuntu
almost 12 years ago

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

nvd
almost 12 years ago

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

debian
almost 12 years ago

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...

github
about 3 years ago

RubyGems Regular Expression Denial of Service vulnerability

oracle-oval
almost 12 years ago

ELSA-2013-1441: rubygems security update (MODERATE)