CVE-2009-1904
Date: created (C) 2009-06-11, modified (M) 2023-12-22


The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1022371
BID-35278
SECUNIA-35399
SECUNIA-35527
SECUNIA-35593
SECUNIA-35699
SECUNIA-35937
SECUNIA-37705
OSVDB-55031
ADV-2009-1563
APPLE-SA-2010-03-29-1
FEDORA-2009-13066
GLSA-200906-02
MDVSA-2009:160
RHSA-2009:1140
SSA:2009-170-02
USN-805-1
http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html
http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689
http://bugs.gentoo.org/show_bug.cgi?id=273213
http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master
http://redmine.ruby-lang.org/issues/show/794
http://support.apple.com/kb/HT4077
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/
http://www.ruby-forum.com/topic/189071
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
https://bugs.launchpad.net/bugs/385436
https://bugs.launchpad.net/bugs/cve/2009-1904
oval:org.mitre.oval:def:9780
ruby-bigdecimal-dos(51032)

CPE    1
cpe:/a:ruby-lang:ruby:1.8.7
CWE    1
CWE-189
OVAL    14
oval:org.secpod.oval:def:700404
oval:org.secpod.oval:def:400065
oval:org.secpod.oval:def:202197
oval:org.secpod.oval:def:202022
...

© SecPod Technologies