Описание
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
An unbounded recursion flaw was found in the way Ruby handled regular expressions. A specially crafted regular expression could be used by an attacker to crash an Ruby application processing such crafted input.
Отчет
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rh-ruby22-ruby | Not affected | ||
| CloudForms Management Engine 5 | ruby-200-ruby | Not affected | ||
| Red Hat Enterprise Linux 5 | ruby | Not affected | ||
| Red Hat Enterprise Linux 6 | ruby | Not affected | ||
| Red Hat Enterprise Linux 7 | ruby | Not affected | ||
| Red Hat Software Collections | rh-ruby22-ruby | Not affected | ||
| Red Hat Software Collections | rh-ruby23-ruby | Not affected | ||
| Red Hat Software Collections | rh-ruby24-ruby | Will not fix | ||
| Red Hat Subscription Asset Manager | ruby193-ruby | Not affected |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
The parse_char_class function in regparse.c in the Onigmo (aka Oniguru ...
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
6.5 Medium
CVSS3