Back to search
CVE-2013-4287
Published: Oct 17, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
mailing-list
x_refsource_MLIST
55381
third-party-advisory
x_refsource_SECUNIA
RHSA-2013:1523
vendor-advisory
x_refsource_REDHAT
http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html
x_refsource_CONFIRM
https://puppet.com/security/cve/cve-2013-4287
x_refsource_CONFIRM
RHSA-2013:1427
vendor-advisory
x_refsource_REDHAT
RHSA-2013:1852
vendor-advisory
x_refsource_REDHAT
RHSA-2013:1441
vendor-advisory
x_refsource_REDHAT
RHSA-2014:0207
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now