PT-2008-6896 · Ruby+1 · Webrick+5

Christian Neukirchen

·

Published

1970-01-01

·

Updated

2018-10-11

·

CVE-2008-3656

CVSS v2.0

7.8

High

Vector AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Ruby versions 1.8.5 and earlier
Ruby versions 1.8.6 through 1.8.6-p286
Ruby versions 1.8.7 through 1.8.7-p71
Ruby versions 1.9 through r18423
libruby1.9-dbg (affected versions not specified)
libruby1.9 (affected versions not specified)
ri1.9 (affected versions not specified)

Description

The issue is related to multiple vulnerabilities in the Ruby package, which can lead to a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression in the WEBrick::HTTPUtils.split_header_value function. The vulnerabilities can be exploited remotely, potentially disrupting the availability of protected information.

Recommendations

For Ruby versions 1.8.5 and earlier, update to a version later than 1.8.5.
For Ruby versions 1.8.6 through 1.8.6-p286, update to a version later than 1.8.6-p286.
For Ruby versions 1.8.7 through 1.8.7-p71, update to a version later than 1.8.7-p71.
For Ruby versions 1.9 through r18423, update to a version later than r18423.
For libruby1.9-dbg, libruby1.9, and ri1.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
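The weakness above is a backtracking regular expression applied to attacker-controlled header text. As an added example (not WEBrick's own code; the module and method names are my own), the following is a linear-time splitter for comma-separated header values that respects double-quoted strings and backslash escapes, i.e. the kind of replacement that removes the super-linear CPU cost behind this class of denial of service. Like WEBrick's splitter, it keeps the quotes around quoted parts.

```ruby
# Added example, not WEBrick code: split a header value such as
#   text/html, "a, b", gzip
# into ["text/html", "\"a, b\"", "gzip"] with a single left-to-right
# scan. Every character is visited exactly once, so no input can
# make the parser backtrack.
module SafeHeaderSplit
  # Commas inside double quotes and backslash-escaped characters inside
  # quotes are not separators; empty parts (e.g. "a,,b") are dropped.
  def self.split_header_value(value)
    parts = []
    current = +""
    in_quotes = false
    i = 0
    while i < value.length
      c = value[i]
      if in_quotes
        if c == "\\" && i + 1 < value.length
          # keep the escape and the escaped character verbatim
          current << c << value[i + 1]
          i += 1
        else
          in_quotes = false if c == '"'
          current << c
        end
      elsif c == '"'
        in_quotes = true
        current << c
      elsif c == ","
        part = current.strip
        parts << part unless part.empty?
        current = +""
      else
        current << c
      end
      i += 1
    end
    part = current.strip
    parts << part unless part.empty?
    parts
  end
end
```

On Ruby 3.2 and later, `Regexp.timeout=` additionally bounds the running time of any regex-based parser as a second line of defense.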

Exploit

DoS

Related Identifiers

BDU:2015-01941
BDU:2015-01942
BDU:2015-01943
CVE-2008-3656
DSA-1651-1
DSA-1652-1
RHSA-2008:0897
RHSA-2008_0897
RHSA-2026:7305
RHSA-2026:7307
RHSA-2026:8838

Affected Products

Red Hat
Ruby
Webrick
Libruby1.9
Libruby1.9-Dbg
Ri1.9