CVE-2013-4389

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
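
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
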
EPSS Score Percentile: 78%

| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 3.0.0 ≤ 𝑥 < 3.2.15 |
| opensuse | opensuse | 12.2 |
| opensuse | opensuse | 12.3 |
| opensuse | opensuse | 13.1 |
| debian | debian_linux | 7.0 |

𝑥 = Vulnerable software versions

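Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| rails | bullseye (security) | 2:6.0.3.7+dfsg-2+deb11u2 | fixed |
| rails | bullseye | 2:6.0.3.7+dfsg-2+deb11u2 | fixed |
| rails | bookworm | 2:6.1.7.3+dfsg-2~deb12u1 | fixed |
| rails | sid | 2:6.1.7.3+dfsg-4 | fixed |
| rails | trixie | 2:6.1.7.3+dfsg-4 | fixed |
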
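Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| rails | trusty | dne |
| rails | saucy | not-affected |
| rails | raring | not-affected |
| rails | quantal | not-affected |
| rails | precise | not-affected |
| rails | lucid | not-affected |
| rails-4.0 | trusty | dne |
| rails-4.0 | saucy | dne |
| rails-4.0 | raring | dne |
| rails-4.0 | quantal | dne |
| rails-4.0 | precise | dne |
| rails-4.0 | lucid | dne |
| ruby-actionmailer-2.3 | trusty | dne |
| ruby-actionmailer-2.3 | saucy | not-affected |
| ruby-actionmailer-2.3 | raring | not-affected |
| ruby-actionmailer-2.3 | quantal | not-affected |
| ruby-actionmailer-2.3 | precise | not-affected |
| ruby-actionmailer-2.3 | lucid | dne |
| ruby-actionmailer-3.2 | trusty | dne |
| ruby-actionmailer-3.2 | saucy | ignored |
| ruby-actionmailer-3.2 | raring | ignored |
| ruby-actionmailer-3.2 | quantal | ignored |
| ruby-actionmailer-3.2 | precise | dne |
| ruby-actionmailer-3.2 | lucid | dne |
| ruby-actionpack-2.3 | trusty | dne |
| ruby-actionpack-2.3 | saucy | not-affected |
| ruby-actionpack-2.3 | raring | not-affected |
| ruby-actionpack-2.3 | quantal | not-affected |
| ruby-actionpack-2.3 | precise | not-affected |
| ruby-actionpack-2.3 | lucid | dne |
| ruby-actionpack-3.2 | trusty | dne |
| ruby-actionpack-3.2 | saucy | not-affected |
| ruby-actionpack-3.2 | raring | not-affected |
| ruby-actionpack-3.2 | quantal | not-affected |
| ruby-actionpack-3.2 | precise | dne |
| ruby-actionpack-3.2 | lucid | dne |
| ruby-activerecord-2.3 | trusty | dne |
| ruby-activerecord-2.3 | saucy | not-affected |
| ruby-activerecord-2.3 | raring | not-affected |
| ruby-activerecord-2.3 | quantal | not-affected |
| ruby-activerecord-2.3 | precise | not-affected |
| ruby-activerecord-2.3 | lucid | dne |
| ruby-activerecord-3.2 | trusty | dne |
| ruby-activerecord-3.2 | saucy | not-affected |
| ruby-activerecord-3.2 | raring | not-affected |
| ruby-activerecord-3.2 | quantal | not-affected |
| ruby-activerecord-3.2 | precise | dne |
| ruby-activerecord-3.2 | lucid | dne |
| ruby-activesupport-2.3 | trusty | dne |
| ruby-activesupport-2.3 | saucy | not-affected |
| ruby-activesupport-2.3 | raring | not-affected |
| ruby-activesupport-2.3 | quantal | not-affected |
| ruby-activesupport-2.3 | precise | not-affected |
| ruby-activesupport-2.3 | lucid | dne |
| ruby-activesupport-3.2 | trusty | dne |
| ruby-activesupport-3.2 | saucy | not-affected |
| ruby-activesupport-3.2 | raring | not-affected |
| ruby-activesupport-3.2 | quantal | not-affected |
| ruby-activesupport-3.2 | precise | dne |
| ruby-activesupport-3.2 | lucid | dne |
| ruby-rails-2.3 | trusty | dne |
| ruby-rails-2.3 | saucy | not-affected |
| ruby-rails-2.3 | raring | not-affected |
| ruby-rails-2.3 | quantal | not-affected |
| ruby-rails-2.3 | precise | not-affected |
| ruby-rails-2.3 | lucid | dne |
| ruby-rails-3.2 | trusty | dne |
| ruby-rails-3.2 | saucy | not-affected |
| ruby-rails-3.2 | raring | not-affected |
| ruby-rails-3.2 | quantal | not-affected |
| ruby-rails-3.2 | precise | dne |
| ruby-rails-3.2 | lucid | dne |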