Back to search
CVE-2009-1904
Published: Jun 11, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2009-1563
vdb-entry
x_refsource_VUPEN
35937
third-party-advisory
x_refsource_SECUNIA
35593
third-party-advisory
x_refsource_SECUNIA
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
x_refsource_CONFIRM
http://redmine.ruby-lang.org/issues/show/794
x_refsource_CONFIRM
https://bugs.launchpad.net/bugs/cve/2009-1904
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689
x_refsource_CONFIRM
RHSA-2009:1140
vendor-advisory
x_refsource_REDHAT
[pkgsrc-changes] 20090610 CVS commit: pkgsrc/lang/ruby18-base
mailing-list
x_refsource_MLIST
[rubyonrails-security] 20090610 DoS Vulnerability in Ruby (CVE-2009-1904)
mailing-list
x_refsource_MLIST
1022371
vdb-entry
x_refsource_SECTRACK
oval:org.mitre.oval:def:9780
vdb-entry
signature
x_refsource_OVAL
APPLE-SA-2010-03-29-1
vendor-advisory
x_refsource_APPLE
35399
third-party-advisory
x_refsource_SECUNIA
http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master
x_refsource_CONFIRM
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/
x_refsource_CONFIRM
USN-805-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2009-13066
vendor-advisory
x_refsource_FEDORA
55031
vdb-entry
x_refsource_OSVDB
35278
vdb-entry
x_refsource_BID
http://bugs.gentoo.org/show_bug.cgi?id=273213
x_refsource_CONFIRM
37705
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
35699
third-party-advisory
x_refsource_SECUNIA
https://bugs.launchpad.net/bugs/385436
x_refsource_CONFIRM
GLSA-200906-02
vendor-advisory
x_refsource_GENTOO
MDVSA-2009:160
vendor-advisory
x_refsource_MANDRIVA
http://www.ruby-forum.com/topic/189071
x_refsource_CONFIRM
ruby-bigdecimal-dos(51032)
vdb-entry
x_refsource_XF
35527
third-party-advisory
x_refsource_SECUNIA
SSA:2009-170-02
vendor-advisory
x_refsource_SLACKWARE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now