PT-2008-6901 · Ruby+1
Laurent Gaffié · Published 1970-01-01 · Updated 2018-10-03 · CVE-2008-3443
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Ruby versions 1.8.5 and earlier
Ruby versions 1.8.6 through 1.8.6-p286
Ruby versions 1.8.7 through 1.8.7-p71
Ruby versions 1.9 through r18423
Description
The Ruby package contains multiple vulnerabilities that can lead to a denial of service, i.e. a loss of availability of the protected information. They can be exploited remotely, for example over a Ruby socket. The regular expression engine in the affected Ruby versions allows a remote attacker to trigger an infinite loop and crash the interpreter by sending multiple long requests; the fault is related to a memory allocation failure.
Recommendations
For Ruby version 1.8.5 and earlier, update to a version later than 1.8.5 to resolve the issue.
For Ruby versions 1.8.6 through 1.8.6-p286, update to a version later than 1.8.6-p286 to resolve the issue.
For Ruby versions 1.8.7 through 1.8.7-p71, update to a version later than 1.8.7-p71 to resolve the issue.
For Ruby versions 1.9 through r18423, update to a version later than r18423 to resolve the issue.
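The following script is an added example, not part of the advisory: it classifies a Ruby build against the affected ranges listed above. The function `cve_2008_3443_status` and the handling of `RUBY_REVISION` for 1.9 development builds are assumptions of this example; it encodes only the version, patch-level and revision boundaries the advisory states.

```ruby
# Added example (not from the advisory): check a Ruby build against the
# affected ranges published for CVE-2008-3443.
LAST_AFFECTED_PATCHLEVEL = { 6 => 286, 7 => 71 } # 1.8.6-p286, 1.8.7-p71
LAST_AFFECTED_1_9_REVISION = 18423               # "1.9 through r18423"

# version:    e.g. "1.8.7"
# patchlevel: Integer, -1 marks a development snapshot
# revision:   SVN revision (Integer) of a 1.9 development build, else nil
# Returns :affected, :fixed or :unknown (build not covered by the advisory).
def cve_2008_3443_status(version, patchlevel, revision = nil)
  major, minor, teeny = version.to_s.split(".").map { |s| s.to_i }
  return :unknown if major.nil? || minor.nil?
  teeny ||= 0
  # 2.x and later post-date every fix the advisory points to.
  return :fixed if major > 1
  # "1.8.5 and earlier": every 1.x build before 1.8.6 is listed as affected.
  return :affected if minor < 8 || (minor == 8 && teeny <= 5)
  if minor == 8
    last = LAST_AFFECTED_PATCHLEVEL[teeny]
    return :unknown if last.nil?       # 1.8.8+ is outside the advisory
    return :unknown if patchlevel < 0  # snapshot: patch level is meaningless
    return patchlevel <= last ? :affected : :fixed
  end
  # 1.9 development branch: only the SVN revision decides.
  return :unknown unless revision.is_a?(Integer)
  revision <= LAST_AFFECTED_1_9_REVISION ? :affected : :fixed
end

# Classify the interpreter running this script. RUBY_REVISION does not exist
# on 1.8 and is a git hash string on modern Rubies, so it is only useful on
# 1.9 development builds (assumption of this example).
def running_ruby_status
  revision = defined?(RUBY_REVISION) ? RUBY_REVISION : nil
  cve_2008_3443_status(RUBY_VERSION, RUBY_PATCHLEVEL, revision)
end

puts "#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}: #{running_ruby_status}" if __FILE__ == $0
```

Distribution packages (Red Hat is listed under Affected Products) often backport the fix without changing the version string, so a build this check reports as :affected must be confirmed against the vendor's own advisory before being treated as vulnerable.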
Exploit · Fix · DoS
Affected Products: Red Hat, Ruby