CVE-2013-4287
First published: Thu Oct 17 2013(Updated: )
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in `lib/rubygems/version.rb` in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Linux | =6.0 | |
| Rubygems Rubygems | <=1.8.23 | |
| Rubygems Rubygems | =1.8.0 | |
| Rubygems Rubygems | =1.8.1 | |
| Rubygems Rubygems | =1.8.2 | |
| Rubygems Rubygems | =1.8.3 | |
| Rubygems Rubygems | =1.8.4 | |
| Rubygems Rubygems | =1.8.5 | |
| Rubygems Rubygems | =1.8.6 | |
| Rubygems Rubygems | =1.8.7 | |
| Rubygems Rubygems | =1.8.8 | |
| Rubygems Rubygems | =1.8.9 | |
| Rubygems Rubygems | =1.8.10 | |
| Rubygems Rubygems | =1.8.11 | |
| Rubygems Rubygems | =1.8.12 | |
| Rubygems Rubygems | =1.8.13 | |
| Rubygems Rubygems | =1.8.14 | |
| Rubygems Rubygems | =1.8.15 | |
| Rubygems Rubygems | =1.8.16 | |
| Rubygems Rubygems | =1.8.17 | |
| Rubygems Rubygems | =1.8.18 | |
| Rubygems Rubygems | =1.8.19 | |
| Rubygems Rubygems | =1.8.20 | |
| Rubygems Rubygems | =1.8.21 | |
| Rubygems Rubygems | =1.8.22 | |
| Rubygems Rubygems | =1.8.24 | |
| Rubygems Rubygems | =1.8.25 | |
| Rubygems Rubygems | =2.0.0 | |
| Rubygems Rubygems | =2.0.1 | |
| Rubygems Rubygems | =2.0.2 | |
| Rubygems Rubygems | =2.0.3 | |
| Rubygems Rubygems | =2.0.4 | |
| Rubygems Rubygems | =2.0.5 | |
| Rubygems Rubygems | =2.0.6 | |
| Rubygems Rubygems | =2.0.7 | |
| Rubygems Rubygems | =2.1.0-rc1 | |
| Rubygems Rubygems | =2.1.0-rc2 | |
| Ruby-lang Ruby | =1.9 | |
| Ruby-lang Ruby | =1.9.1 | |
| Ruby-lang Ruby | =1.9.2 | |
| Ruby-lang Ruby | =1.9.3 | |
| Ruby-lang Ruby | =1.9.3-p0 | |
| Ruby-lang Ruby | =1.9.3-p125 | |
| Ruby-lang Ruby | =1.9.3-p194 | |
| Ruby-lang Ruby | =1.9.3-p286 | |
| Ruby-lang Ruby | =1.9.3-p383 | |
| Ruby-lang Ruby | =1.9.3-p385 | |
| Ruby-lang Ruby | =1.9.3-p392 | |
| Ruby-lang Ruby | =1.9.3-p426 | |
| Ruby-lang Ruby | =1.9.3-p429 | |
| Ruby-lang Ruby | =2.0 | |
| Ruby-lang Ruby | =2.0.0 | |
| Ruby-lang Ruby | =2.0.0-p0 | |
| Ruby-lang Ruby | =2.0.0-p195 | |
| Ruby-lang Ruby | =2.0.0-p247 | |
| Ruby-lang Ruby | =2.0.0-preview1 | |
| Ruby-lang Ruby | =2.0.0-preview2 | |
| Ruby-lang Ruby | =2.0.0-rc1 | |
| Ruby-lang Ruby | =2.0.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html
- http://rhn.redhat.com/errata/RHSA-2013-1427.html
- http://rhn.redhat.com/errata/RHSA-2013-1441.html
- http://rhn.redhat.com/errata/RHSA-2013-1523.html
- http://rhn.redhat.com/errata/RHSA-2013-1852.html
- http://rhn.redhat.com/errata/RHSA-2014-0207.html
- http://secunia.com/advisories/55381
- http://www.openwall.com/lists/oss-security/2013/09/10/1
- https://puppet.com/security/cve/cve-2013-4287
- collector/github-advisory-latest
- alias/GHSA-9j7m-rjqx-48vh
- alias/CVE-2013-4287
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- package-manager/rubygems
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- vendor/rubygems
- canonical/rubygems rubygems
- version/rubygems rubygems/1.8.23
- version/rubygems rubygems/1.8.0
- version/rubygems rubygems/1.8.1
- version/rubygems rubygems/1.8.2
- version/rubygems rubygems/1.8.3
- version/rubygems rubygems/1.8.4
- version/rubygems rubygems/1.8.5
- version/rubygems rubygems/1.8.6
- version/rubygems rubygems/1.8.7
- version/rubygems rubygems/1.8.8
- version/rubygems rubygems/1.8.9
- version/rubygems rubygems/1.8.10
- version/rubygems rubygems/1.8.11
- version/rubygems rubygems/1.8.12
- version/rubygems rubygems/1.8.13
- version/rubygems rubygems/1.8.14
- version/rubygems rubygems/1.8.15
- version/rubygems rubygems/1.8.16
- version/rubygems rubygems/1.8.17
- version/rubygems rubygems/1.8.18
- version/rubygems rubygems/1.8.19
- version/rubygems rubygems/1.8.20
- version/rubygems rubygems/1.8.21
- version/rubygems rubygems/1.8.22
- version/rubygems rubygems/1.8.24
- version/rubygems rubygems/1.8.25
- version/rubygems rubygems/2.0.0
- version/rubygems rubygems/2.0.1
- version/rubygems rubygems/2.0.2
- version/rubygems rubygems/2.0.3
- version/rubygems rubygems/2.0.4
- version/rubygems rubygems/2.0.5
- version/rubygems rubygems/2.0.6
- version/rubygems rubygems/2.0.7
- version/rubygems rubygems/2.1.0-rc1
- version/rubygems rubygems/2.1.0-rc2
- vendor/ruby-lang
- canonical/ruby-lang ruby
- version/ruby-lang ruby/1.9
- version/ruby-lang ruby/1.9.1
- version/ruby-lang ruby/1.9.2
- version/ruby-lang ruby/1.9.3
- version/ruby-lang ruby/1.9.3-p0
- version/ruby-lang ruby/1.9.3-p125
- version/ruby-lang ruby/1.9.3-p194
- version/ruby-lang ruby/1.9.3-p286
- version/ruby-lang ruby/1.9.3-p383
- version/ruby-lang ruby/1.9.3-p385
- version/ruby-lang ruby/1.9.3-p392
- version/ruby-lang ruby/1.9.3-p426
- version/ruby-lang ruby/1.9.3-p429
- version/ruby-lang ruby/2.0
- version/ruby-lang ruby/2.0.0
- version/ruby-lang ruby/2.0.0-p0
- version/ruby-lang ruby/2.0.0-p195
- version/ruby-lang ruby/2.0.0-p247
- version/ruby-lang ruby/2.0.0-preview1
- version/ruby-lang ruby/2.0.0-preview2
- version/ruby-lang ruby/2.0.0-rc1
- version/ruby-lang ruby/2.0.0-rc2