PT-2013-4937 · Ruby+3 · Rubygems+3

Damir Sharipov

Publicado

2013-10-09

Atualizado

2025-09-29

CVE-2013-4287

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions RubyGems versions 1.8.24 through 1.8.25 RubyGems versions 2.0.x through 2.0.7 RubyGems versions 2.1.x through 2.1.0 RubyGems version 1.8.23 and earlier

Description The issue allows remote attackers to cause a denial of service via a crafted gem version that triggers a large amount of backtracking in a regular expression in the Gem::Version::VERSION PATTERN in lib/rubygems/version.rb. This can lead to CPU consumption.

Recommendations For RubyGems versions 1.8.24 through 1.8.25, update to version 1.8.26 or later. For RubyGems versions 2.0.x through 2.0.7, update to version 2.0.8 or later. For RubyGems versions 2.1.x through 2.1.0, update to version 2.1.1 or later. For RubyGems version 1.8.23 and earlier, update to version 1.8.23.1 or later. As a temporary workaround, consider restricting the use of the Gem::Version::VERSION PATTERN until a patch is available.

Exploit

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-310

Identificadores relacionados

ALSA-2025_16880

ALT-PU-2016-2061

CESA-2013_1441

CVE-2013-4287

GHSA-9J7M-RJQX-48VH

MGASA-2013-0297

RHSA-2013:1427

RHSA-2013:1441

RHSA-2013:1523

RHSA-2013:1852

RHSA-2013_1441

RHSA-2014:0207

Produtos afetados

Alt Linux

Centos

Red Hat

Rubygems

PT-2013-4937 · Ruby+3 · Rubygems+3

CVE-2013-4287

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 28