CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
https://puppet.com/security/cve/cve-2013-4363
http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
https://puppet.com/security/cve/cve-2013-4363

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rubygems:rubygems::::::::
	cpe:2.3:a:rubygems:rubygems:1.8.0:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.1:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.2:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.3:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.4:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.5:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.6:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.7:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.8:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.9:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.10:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.11:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.12:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.13:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.14:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.15:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.16:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.17:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.18:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.19:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.20:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.21:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.22:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.24:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.25:::::::*
	cpe:2.3:a:rubygems:rubygems:1.8.26:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.0:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.0:preview2::::::
	cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1::::::
	cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2::::::
	cpe:2.3:a:rubygems:rubygems:2.0.0:rc1::::::
	cpe:2.3:a:rubygems:rubygems:2.0.0:rc2::::::
	cpe:2.3:a:rubygems:rubygems:2.0.1:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.2:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.3:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.4:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.5:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.6:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.7:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.8:::::::*
	cpe:2.3:a:rubygems:rubygems:2.0.9:::::::*
	cpe:2.3:a:rubygems:rubygems:2.1.0:::::::*
	cpe:2.3:a:rubygems:rubygems:2.1.0:rc1::::::
	cpe:2.3:a:rubygems:rubygems:2.1.0:rc2::::::
	cpe:2.3:a:rubygems:rubygems:2.1.1:::::::*
	cpe:2.3:a:rubygems:rubygems:2.1.2:::::::*
	cpe:2.3:a:rubygems:rubygems:2.1.3:::::::*
	cpe:2.3:a:rubygems:rubygems:2.1.4:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ruby-lang:ruby:1.9:::::::*
	cpe:2.3:a:ruby-lang:ruby:1.9.1:::::::*
	cpe:2.3:a:ruby-lang:ruby:1.9.2:::::::*
	cpe:2.3:a:ruby-lang:ruby:1.9.3:::::::*
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p0::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p125::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p194::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p286::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p383::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p385::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p392::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p426::::::
	cpe:2.3:a:ruby-lang:ruby:1.9.3:p429::::::
	cpe:2.3:a:ruby-lang:ruby:2.0:::::::*
	cpe:2.3:a:ruby-lang:ruby:2.0.0:::::::*
	cpe:2.3:a:ruby-lang:ruby:2.0.0:p0::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:p195::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:p247::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1::::::
	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2::::::

History

21 Nov 2024, 01:55

Type	Values Removed	Values Added
References	~~() http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html - Patch, Vendor Advisory~~	() http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html - Patch, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2013/09/14/3 - Patch~~	() http://www.openwall.com/lists/oss-security/2013/09/14/3 - Patch
References	~~() http://www.openwall.com/lists/oss-security/2013/09/18/8 - Patch~~	() http://www.openwall.com/lists/oss-security/2013/09/18/8 - Patch
References	~~() http://www.openwall.com/lists/oss-security/2013/09/20/1 - Patch~~	() http://www.openwall.com/lists/oss-security/2013/09/20/1 - Patch
References	~~() https://puppet.com/security/cve/cve-2013-4363 -~~	() https://puppet.com/security/cve/cve-2013-4363 -

Information

Published : 2013-10-17 23:55

Updated : 2024-11-21 01:55

NVD link : CVE-2013-4363

Mitre link : CVE-2013-4363

CVE.ORG link : CVE-2013-4363

JSON object : View

Products Affected

rubygems

rubygems

ruby-lang

ruby

CWE

CWE-310

Cryptographic Issues

4.3 /10