CVE-2008-3443

First published: Thu Aug 14 2008(Updated: )

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ruby-lang Ruby	=1.6.8
Ruby-lang Ruby	=1.8.0
Ruby-lang Ruby	=1.8.1
Ruby-lang Ruby	=1.8.1--9
Ruby-lang Ruby	=1.8.2
Ruby-lang Ruby	=1.8.2-preview2
Ruby-lang Ruby	=1.8.2-preview3
Ruby-lang Ruby	=1.8.2-preview4
Ruby-lang Ruby	=1.8.3
Ruby-lang Ruby	=1.8.3-preview1
Ruby-lang Ruby	=1.8.3-preview2
Ruby-lang Ruby	=1.8.3-preview3
Ruby-lang Ruby	=1.8.4
Ruby-lang Ruby	=1.8.4-preview1
Ruby-lang Ruby	=1.8.4-preview2
Ruby-lang Ruby	=1.8.4-preview3
Ruby-lang Ruby	=1.8.5
Ruby-lang Ruby	=1.8.5-p11
Ruby-lang Ruby	=1.8.5-p113
Ruby-lang Ruby	=1.8.5-p114
Ruby-lang Ruby	=1.8.5-p115
Ruby-lang Ruby	=1.8.5-p12
Ruby-lang Ruby	=1.8.5-p2
Ruby-lang Ruby	=1.8.5-p231
Ruby-lang Ruby	=1.8.5-p35
Ruby-lang Ruby	=1.8.5-p52
Ruby-lang Ruby	=1.8.5-preview1
Ruby-lang Ruby	=1.8.5-preview2
Ruby-lang Ruby	=1.8.5-preview3
Ruby-lang Ruby	=1.8.5-preview4
Ruby-lang Ruby	=1.8.5-preview5
Ruby-lang Ruby	=1.8.6
Ruby-lang Ruby	=1.8.6-p110
Ruby-lang Ruby	=1.8.6-p111
Ruby-lang Ruby	=1.8.6-p114
Ruby-lang Ruby	=1.8.6-p230
Ruby-lang Ruby	=1.8.6-p286
Ruby-lang Ruby	=1.8.6-p36
Ruby-lang Ruby	=1.8.6-preview1
Ruby-lang Ruby	=1.8.6-preview2
Ruby-lang Ruby	=1.8.6-preview3
Ruby-lang Ruby	=1.8.7
Ruby-lang Ruby	=1.8.7-p17
Ruby-lang Ruby	=1.8.7-p22
Ruby-lang Ruby	=1.8.7-p71
Ruby-lang Ruby	=1.8.7-preview1
Ruby-lang Ruby	=1.8.7-preview2
Ruby-lang Ruby	=1.8.7-preview3
Ruby-lang Ruby	=1.8.7-preview4
Ruby-lang Ruby	=1.9.0
Ruby-lang Ruby	=1.9.0-r18423

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
collector/nvd-historical
agent/references
agent/severity
agent/weakness
agent/author
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/ruby-lang
canonical/ruby-lang ruby
version/ruby-lang ruby/1.6.8
version/ruby-lang ruby/1.8.0
version/ruby-lang ruby/1.8.1
version/ruby-lang ruby/1.8.1--9
version/ruby-lang ruby/1.8.2
version/ruby-lang ruby/1.8.2-preview2
version/ruby-lang ruby/1.8.2-preview3
version/ruby-lang ruby/1.8.2-preview4
version/ruby-lang ruby/1.8.3
version/ruby-lang ruby/1.8.3-preview1
version/ruby-lang ruby/1.8.3-preview2
version/ruby-lang ruby/1.8.3-preview3
version/ruby-lang ruby/1.8.4
version/ruby-lang ruby/1.8.4-preview1
version/ruby-lang ruby/1.8.4-preview2
version/ruby-lang ruby/1.8.4-preview3
version/ruby-lang ruby/1.8.5
version/ruby-lang ruby/1.8.5-p11
version/ruby-lang ruby/1.8.5-p113
version/ruby-lang ruby/1.8.5-p114
version/ruby-lang ruby/1.8.5-p115
version/ruby-lang ruby/1.8.5-p12
version/ruby-lang ruby/1.8.5-p2
version/ruby-lang ruby/1.8.5-p231
version/ruby-lang ruby/1.8.5-p35
version/ruby-lang ruby/1.8.5-p52
version/ruby-lang ruby/1.8.5-preview1
version/ruby-lang ruby/1.8.5-preview2
version/ruby-lang ruby/1.8.5-preview3
version/ruby-lang ruby/1.8.5-preview4
version/ruby-lang ruby/1.8.5-preview5
version/ruby-lang ruby/1.8.6
version/ruby-lang ruby/1.8.6-p110
version/ruby-lang ruby/1.8.6-p111
version/ruby-lang ruby/1.8.6-p114
version/ruby-lang ruby/1.8.6-p230
version/ruby-lang ruby/1.8.6-p286
version/ruby-lang ruby/1.8.6-p36
version/ruby-lang ruby/1.8.6-preview1
version/ruby-lang ruby/1.8.6-preview2
version/ruby-lang ruby/1.8.6-preview3
version/ruby-lang ruby/1.8.7
version/ruby-lang ruby/1.8.7-p17
version/ruby-lang ruby/1.8.7-p22
version/ruby-lang ruby/1.8.7-p71
version/ruby-lang ruby/1.8.7-preview1
version/ruby-lang ruby/1.8.7-preview2
version/ruby-lang ruby/1.8.7-preview3
version/ruby-lang ruby/1.8.7-preview4
version/ruby-lang ruby/1.9.0
version/ruby-lang ruby/1.9.0-r18423

CVE-2008-3443

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact