PT-2017-5976 · Ruby · Ruby

Postmodern

Published

2017-09-06

Updated

2017-09-11

CVE-2014-6438

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 1.9.2-p330

Description: The issue allows remote attackers to cause a denial of service via a crafted string, potentially leading to catastrophic regular expression backtracking, resource consumption, or application crash. This is due to a problem in the URI.decode www form component method.

Recommendations: For versions prior to 1.9.2-p330, update to version 1.9.2-p330 or later to resolve the issue.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2014-6438

DLA-275-1

RHSA-2026:7305

RHSA-2026:7307

RHSA-2026:8838

Affected Products

Ruby

PT-2017-5976 · Ruby · Ruby

CVE-2014-6438

Weakness Enumeration

Related Identifiers

Affected Products

References · 5