What is the severity of CVE-2013-4363?

CVE-2013-4363 has a high severity rating due to its potential to cause denial of service attacks.

How do I fix CVE-2013-4363?

To fix CVE-2013-4363, update RubyGems to version 2.1.5, 2.0.10, or 1.8.27 or higher.

What systems are affected by CVE-2013-4363?

CVE-2013-4363 impacts RubyGems versions prior to 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5.

What is the nature of the vulnerability in CVE-2013-4363?

CVE-2013-4363 is an algorithmic complexity vulnerability that can be exploited to perform denial of service.

Is CVE-2013-4363 a remote vulnerability?

Yes, CVE-2013-4363 allows remote attackers to exploit the vulnerability to cause a denial of service.

Vulnerability/
CVE-2013-4363

medium

4.3

CWE

310

17/10/2013

17/5/2022

6/8/2024

CVE-2013-4363

First published: Thu Oct 17 2013(Updated: )

Algorithmic complexity vulnerability in `Gem::Version::ANCHORED_VERSION_PATTERN` in `lib/rubygems/version.rb` in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
rubygems/rubygems-update	>=2.1.0<2.1.5	2.1.5
rubygems/rubygems-update	>=2.0.0<2.0.10	2.0.10
rubygems/rubygems-update	>=1.8.24<1.8.27	1.8.27
rubygems/rubygems-update	<1.8.23.2	1.8.23.2
RubyGems Mail Gem	<=1.8.23
RubyGems Mail Gem	=1.8.0
RubyGems Mail Gem	=1.8.1
RubyGems Mail Gem	=1.8.2
RubyGems Mail Gem	=1.8.3
RubyGems Mail Gem	=1.8.4
RubyGems Mail Gem	=1.8.5
RubyGems Mail Gem	=1.8.6
RubyGems Mail Gem	=1.8.7
RubyGems Mail Gem	=1.8.8
RubyGems Mail Gem	=1.8.9
RubyGems Mail Gem	=1.8.10
RubyGems Mail Gem	=1.8.11
RubyGems Mail Gem	=1.8.12
RubyGems Mail Gem	=1.8.13
RubyGems Mail Gem	=1.8.14
RubyGems Mail Gem	=1.8.15
RubyGems Mail Gem	=1.8.16
RubyGems Mail Gem	=1.8.17
RubyGems Mail Gem	=1.8.18
RubyGems Mail Gem	=1.8.19
RubyGems Mail Gem	=1.8.20
RubyGems Mail Gem	=1.8.21
RubyGems Mail Gem	=1.8.22
RubyGems Mail Gem	=1.8.24
RubyGems Mail Gem	=1.8.25
RubyGems Mail Gem	=1.8.26
RubyGems Mail Gem	=2.0.0
RubyGems Mail Gem	=2.0.0-preview2
RubyGems Mail Gem	=2.0.0-preview2.1
RubyGems Mail Gem	=2.0.0-preview2.2
RubyGems Mail Gem	=2.0.0-rc1
RubyGems Mail Gem	=2.0.0-rc2
RubyGems Mail Gem	=2.0.1
RubyGems Mail Gem	=2.0.2
RubyGems Mail Gem	=2.0.3
RubyGems Mail Gem	=2.0.4
RubyGems Mail Gem	=2.0.5
RubyGems Mail Gem	=2.0.6
RubyGems Mail Gem	=2.0.7
RubyGems Mail Gem	=2.0.8
RubyGems Mail Gem	=2.0.9
RubyGems Mail Gem	=2.1.0
RubyGems Mail Gem	=2.1.0-rc1
RubyGems Mail Gem	=2.1.0-rc2
RubyGems Mail Gem	=2.1.1
RubyGems Mail Gem	=2.1.2
RubyGems Mail Gem	=2.1.3
RubyGems Mail Gem	=2.1.4
Ruby	=1.9
Ruby	=1.9.1
Ruby	=1.9.2
Ruby	=1.9.3
Ruby	=1.9.3-p0
Ruby	=1.9.3-p125
Ruby	=1.9.3-p194
Ruby	=1.9.3-p286
Ruby	=1.9.3-p383
Ruby	=1.9.3-p385
Ruby	=1.9.3-p392
Ruby	=1.9.3-p426
Ruby	=1.9.3-p429
Ruby	=2.0
Ruby	=2.0.0
Ruby	=2.0.0-p0
Ruby	=2.0.0-p195
Ruby	=2.0.0-p247
Ruby	=2.0.0-preview1
Ruby	=2.0.0-preview2
Ruby	=2.0.0-rc1
Ruby	=2.0.0-rc2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4363?
CVE-2013-4363 has a high severity rating due to its potential to cause denial of service attacks.
How do I fix CVE-2013-4363?
To fix CVE-2013-4363, update RubyGems to version 2.1.5, 2.0.10, or 1.8.27 or higher.
What systems are affected by CVE-2013-4363?
CVE-2013-4363 impacts RubyGems versions prior to 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5.
What is the nature of the vulnerability in CVE-2013-4363?
CVE-2013-4363 is an algorithmic complexity vulnerability that can be exploited to perform denial of service.
Is CVE-2013-4363 a remote vulnerability?
Yes, CVE-2013-4363 allows remote attackers to exploit the vulnerability to cause a denial of service.

collector/github-advisory-latest
alias/GHSA-9qvm-2vhf-q649
alias/CVE-2013-4363
collector/github-advisory
agent/type
agent/author
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/references
agent/event
agent/description
agent/first-publish-date
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/rubygems
vendor/rubygems
canonical/rubygems mail gem
version/rubygems mail gem/1.8.23
version/rubygems mail gem/1.8.0
version/rubygems mail gem/1.8.1
version/rubygems mail gem/1.8.2
version/rubygems mail gem/1.8.3
version/rubygems mail gem/1.8.4
version/rubygems mail gem/1.8.5
version/rubygems mail gem/1.8.6
version/rubygems mail gem/1.8.7
version/rubygems mail gem/1.8.8
version/rubygems mail gem/1.8.9
version/rubygems mail gem/1.8.10
version/rubygems mail gem/1.8.11
version/rubygems mail gem/1.8.12
version/rubygems mail gem/1.8.13
version/rubygems mail gem/1.8.14
version/rubygems mail gem/1.8.15
version/rubygems mail gem/1.8.16
version/rubygems mail gem/1.8.17
version/rubygems mail gem/1.8.18
version/rubygems mail gem/1.8.19
version/rubygems mail gem/1.8.20
version/rubygems mail gem/1.8.21
version/rubygems mail gem/1.8.22
version/rubygems mail gem/1.8.24
version/rubygems mail gem/1.8.25
version/rubygems mail gem/1.8.26
version/rubygems mail gem/2.0.0
version/rubygems mail gem/2.0.0-preview2
version/rubygems mail gem/2.0.0-preview2.1
version/rubygems mail gem/2.0.0-preview2.2
version/rubygems mail gem/2.0.0-rc1
version/rubygems mail gem/2.0.0-rc2
version/rubygems mail gem/2.0.1
version/rubygems mail gem/2.0.2
version/rubygems mail gem/2.0.3
version/rubygems mail gem/2.0.4
version/rubygems mail gem/2.0.5
version/rubygems mail gem/2.0.6
version/rubygems mail gem/2.0.7
version/rubygems mail gem/2.0.8
version/rubygems mail gem/2.0.9
version/rubygems mail gem/2.1.0
version/rubygems mail gem/2.1.0-rc1
version/rubygems mail gem/2.1.0-rc2
version/rubygems mail gem/2.1.1
version/rubygems mail gem/2.1.2
version/rubygems mail gem/2.1.3
version/rubygems mail gem/2.1.4
vendor/ruby-lang
canonical/ruby
version/ruby/1.9
version/ruby/1.9.1
version/ruby/1.9.2
version/ruby/1.9.3
version/ruby/1.9.3-p0
version/ruby/1.9.3-p125
version/ruby/1.9.3-p194
version/ruby/1.9.3-p286
version/ruby/1.9.3-p383
version/ruby/1.9.3-p385
version/ruby/1.9.3-p392
version/ruby/1.9.3-p426
version/ruby/1.9.3-p429
version/ruby/2.0
version/ruby/2.0.0
version/ruby/2.0.0-p0
version/ruby/2.0.0-p195
version/ruby/2.0.0-p247
version/ruby/2.0.0-preview1
version/ruby/2.0.0-preview2
version/ruby/2.0.0-rc1
version/ruby/2.0.0-rc2

CVE-2013-4363

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4363?

How do I fix CVE-2013-4363?

What systems are affected by CVE-2013-4363?

What is the nature of the vulnerability in CVE-2013-4363?

Is CVE-2013-4363 a remote vulnerability?

Company

Resources

Contact