CVE-2009-1904

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-1904
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689 Patch
http://bugs.gentoo.org/show_bug.cgi?id=273213
http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master Patch
http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html
http://osvdb.org/55031
http://redmine.ruby-lang.org/issues/show/794 Exploit Patch
http://secunia.com/advisories/35399 Vendor Advisory
http://secunia.com/advisories/35527
http://secunia.com/advisories/35593
http://secunia.com/advisories/35699
http://secunia.com/advisories/35937
http://secunia.com/advisories/37705
http://security.gentoo.org/glsa/glsa-200906-02.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805
http://support.apple.com/kb/HT4077
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/ Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:160
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.ruby-forum.com/topic/189071
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/ Patch Vendor Advisory
http://www.securityfocus.com/bid/35278
http://www.securitytracker.com/id?1022371
http://www.ubuntu.com/usn/USN-805-1
http://www.vupen.com/english/advisories/2009/1563
https://bugs.launchpad.net/bugs/385436
https://bugs.launchpad.net/bugs/cve/2009-1904
https://exchange.xforce.ibmcloud.com/vulnerabilities/51032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689 Patch
http://bugs.gentoo.org/show_bug.cgi?id=273213
http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master Patch
http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html
http://osvdb.org/55031
http://redmine.ruby-lang.org/issues/show/794 Exploit Patch
http://secunia.com/advisories/35399 Vendor Advisory
http://secunia.com/advisories/35527
http://secunia.com/advisories/35593
http://secunia.com/advisories/35699
http://secunia.com/advisories/35937
http://secunia.com/advisories/37705
http://security.gentoo.org/glsa/glsa-200906-02.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805
http://support.apple.com/kb/HT4077
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/ Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:160
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.ruby-forum.com/topic/189071
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/ Patch Vendor Advisory
http://www.securityfocus.com/bid/35278
http://www.securitytracker.com/id?1022371
http://www.ubuntu.com/usn/USN-805-1
http://www.vupen.com/english/advisories/2009/1563
https://bugs.launchpad.net/bugs/385436
https://bugs.launchpad.net/bugs/cve/2009-1904
https://exchange.xforce.ibmcloud.com/vulnerabilities/51032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*
History

21 Nov 2024, 01:03

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689 - Patch () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689 - Patch
References () http://bugs.gentoo.org/show_bug.cgi?id=273213 - () http://bugs.gentoo.org/show_bug.cgi?id=273213 -
References () http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master - Patch () http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master - Patch
References () http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source - () http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source -
References () http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html - () http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html -
References () http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html - () http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html -
References () http://osvdb.org/55031 - () http://osvdb.org/55031 -
References () http://redmine.ruby-lang.org/issues/show/794 - Exploit, Patch () http://redmine.ruby-lang.org/issues/show/794 - Exploit, Patch
References () http://secunia.com/advisories/35399 - Vendor Advisory () http://secunia.com/advisories/35399 - Vendor Advisory
References () http://secunia.com/advisories/35527 - () http://secunia.com/advisories/35527 -
References () http://secunia.com/advisories/35593 - () http://secunia.com/advisories/35593 -
References () http://secunia.com/advisories/35699 - () http://secunia.com/advisories/35699 -
References () http://secunia.com/advisories/35937 - () http://secunia.com/advisories/35937 -
References () http://secunia.com/advisories/37705 - () http://secunia.com/advisories/37705 -
References () http://security.gentoo.org/glsa/glsa-200906-02.xml - () http://security.gentoo.org/glsa/glsa-200906-02.xml -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805 -
References () http://support.apple.com/kb/HT4077 - () http://support.apple.com/kb/HT4077 -
References () http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/ - Patch () http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/ - Patch
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:160 - () http://www.mandriva.com/security/advisories?name=MDVSA-2009:160 -
References () http://www.redhat.com/support/errata/RHSA-2009-1140.html - () http://www.redhat.com/support/errata/RHSA-2009-1140.html -
References () http://www.ruby-forum.com/topic/189071 - () http://www.ruby-forum.com/topic/189071 -
References () http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/ - Patch, Vendor Advisory () http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/ - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/35278 - () http://www.securityfocus.com/bid/35278 -
References () http://www.securitytracker.com/id?1022371 - () http://www.securitytracker.com/id?1022371 -
References () http://www.ubuntu.com/usn/USN-805-1 - () http://www.ubuntu.com/usn/USN-805-1 -
References () http://www.vupen.com/english/advisories/2009/1563 - () http://www.vupen.com/english/advisories/2009/1563 -
References () https://bugs.launchpad.net/bugs/385436 - () https://bugs.launchpad.net/bugs/385436 -
References () https://bugs.launchpad.net/bugs/cve/2009-1904 - () https://bugs.launchpad.net/bugs/cve/2009-1904 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/51032 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/51032 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780 -
References () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html - () https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html -
Information

Published : 2009-06-11 21:30

Updated : 2024-11-21 01:03

NVD link : CVE-2009-1904

Mitre link : CVE-2009-1904

CVE.ORG link : CVE-2009-1904

JSON object : View

Products Affected

ruby-lang

  • ruby
CWE
CWE-189

Numeric Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024