CVE-2013-4363
17.10.2013, 23:55
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| rubygems | rubygems | 𝑥 ≤ 1.8.23 |
| rubygems | rubygems | 1.8.0 |
| rubygems | rubygems | 1.8.1 |
| rubygems | rubygems | 1.8.2 |
| rubygems | rubygems | 1.8.3 |
| rubygems | rubygems | 1.8.4 |
| rubygems | rubygems | 1.8.5 |
| rubygems | rubygems | 1.8.6 |
| rubygems | rubygems | 1.8.7 |
| rubygems | rubygems | 1.8.8 |
| rubygems | rubygems | 1.8.9 |
| rubygems | rubygems | 1.8.10 |
| rubygems | rubygems | 1.8.11 |
| rubygems | rubygems | 1.8.12 |
| rubygems | rubygems | 1.8.13 |
| rubygems | rubygems | 1.8.14 |
| rubygems | rubygems | 1.8.15 |
| rubygems | rubygems | 1.8.16 |
| rubygems | rubygems | 1.8.17 |
| rubygems | rubygems | 1.8.18 |
| rubygems | rubygems | 1.8.19 |
| rubygems | rubygems | 1.8.20 |
| rubygems | rubygems | 1.8.21 |
| rubygems | rubygems | 1.8.22 |
| rubygems | rubygems | 1.8.24 |
| rubygems | rubygems | 1.8.25 |
| rubygems | rubygems | 1.8.26 |
| rubygems | rubygems | 2.0.0 |
| rubygems | rubygems | 2.0.0:preview2 |
| rubygems | rubygems | 2.0.0:preview2.1 |
| rubygems | rubygems | 2.0.0:preview2.2 |
| rubygems | rubygems | 2.0.0:rc1 |
| rubygems | rubygems | 2.0.0:rc2 |
| rubygems | rubygems | 2.0.1 |
| rubygems | rubygems | 2.0.2 |
| rubygems | rubygems | 2.0.3 |
| rubygems | rubygems | 2.0.4 |
| rubygems | rubygems | 2.0.5 |
| rubygems | rubygems | 2.0.6 |
| rubygems | rubygems | 2.0.7 |
| rubygems | rubygems | 2.0.8 |
| rubygems | rubygems | 2.0.9 |
| rubygems | rubygems | 2.1.0 |
| rubygems | rubygems | 2.1.0:rc1 |
| rubygems | rubygems | 2.1.0:rc2 |
| rubygems | rubygems | 2.1.1 |
| rubygems | rubygems | 2.1.2 |
| rubygems | rubygems | 2.1.3 |
| rubygems | rubygems | 2.1.4 |
| ruby-lang | ruby | 1.9 |
| ruby-lang | ruby | 1.9.1 |
| ruby-lang | ruby | 1.9.2 |
| ruby-lang | ruby | 1.9.3 |
| ruby-lang | ruby | 1.9.3:p0 |
| ruby-lang | ruby | 1.9.3:p125 |
| ruby-lang | ruby | 1.9.3:p194 |
| ruby-lang | ruby | 1.9.3:p286 |
| ruby-lang | ruby | 1.9.3:p383 |
| ruby-lang | ruby | 1.9.3:p385 |
| ruby-lang | ruby | 1.9.3:p392 |
| ruby-lang | ruby | 1.9.3:p426 |
| ruby-lang | ruby | 1.9.3:p429 |
| ruby-lang | ruby | 2.0 |
| ruby-lang | ruby | 2.0.0 |
| ruby-lang | ruby | 2.0.0:p0 |
| ruby-lang | ruby | 2.0.0:p195 |
| ruby-lang | ruby | 2.0.0:p247 |
| ruby-lang | ruby | 2.0.0:preview1 |
| ruby-lang | ruby | 2.0.0:preview2 |
| ruby-lang | ruby | 2.0.0:rc1 |
| ruby-lang | ruby | 2.0.0:rc2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| ruby19 |
| ||
| ruby19-debuginfo |
| ||
| ruby19-devel |
| ||
| ruby19-doc |
| ||
| ruby19-irb |
| ||
| ruby19-libs |
| ||
| rubygem19-bigdecimal |
| ||
| rubygem19-io-console |
| ||
| rubygem19-json |
| ||
| rubygem19-minitest |
| ||
| rubygem19-rake |
| ||
| rubygem19-rdoc |
| ||
| rubygems |
| ||
| rubygems-devel |
| ||
| rubygems19 |
| ||
| rubygems19-devel |
|
Common Weakness Enumeration
References