CVE-2009-1904
Date: (C) 2009-06-11   (M) 2018-06-11


The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
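The crash is reached when a caller builds a BigDecimal from an attacker-controlled string and then converts it to Float, so the practical control on an unpatched interpreter is to bound the magnitude of the input before the conversion happens. The block below is an added example written for this entry; it is not code from the SecPod page, from ruby-lang's fix, or from the bigdecimal-segfault-fix workaround listed in the references. It derives the decimal exponent from the string alone (no BigDecimal is constructed until the check passes) and refuses anything outside the range a Float can hold. The names `decimal_exponent`, `representable?`, `to_float_safely` and `UnsafeDecimal` are illustrative assumptions, and the sample inputs are constructed.

```ruby
require 'bigdecimal'

# Added example for CVE-2009-1904 (not from the advisory or from Ruby's own
# patch). Guards BigDecimal -> Float conversion of untrusted strings by
# bounding the decimal exponent before any BigDecimal is created.

# Accepts optional sign, digits, optional fraction, optional exponent.
DECIMAL_RE = /\A\s*([+-]?)(\d*)(?:\.(\d*))?(?:[eE]([+-]?\d+))?\s*\z/

# Raised for input that must not reach BigDecimal#to_f (assumed name).
class UnsafeDecimal < ArgumentError; end

# Returns the base-10 exponent of the leading significant digit, computed
# from the text only, or nil when the value is zero. Raises UnsafeDecimal
# for strings that are not plain decimal literals or whose exponent field
# is too long to be worth parsing (a hostile value such as "9E69999999"
# is rejected here without ever being evaluated).
def decimal_exponent(str)
  m = DECIMAL_RE.match(str)
  raise UnsafeDecimal, "not a decimal literal: #{str.inspect}" unless m

  int_part = m[2]
  frac_part = m[3] || ""
  exp_text = m[4] || "0"

  # Float exponents need at most 3 digits; 5 is a generous upper bound.
  if exp_text.sub(/\A[+-]/, "").length > 5
    raise UnsafeDecimal, "exponent field too long: #{exp_text}"
  end

  digits = int_part + frac_part
  raise UnsafeDecimal, "no digits in #{str.inspect}" if digits.empty?

  lead = digits.index(/[1-9]/)
  return nil if lead.nil? # every digit is zero

  # Position of the first significant digit relative to the decimal point,
  # shifted by the explicit exponent: "0.5e3" -> 5e2 -> 2.
  int_part.length - lead - 1 + exp_text.to_i
end

# True when the magnitude fits a Float. The lower bound is conservative:
# it also rejects subnormal values such as 1e-310 rather than reasoning
# about denormals, since the CVE concerns large magnitudes.
def representable?(str)
  e = decimal_exponent(str)
  e.nil? || (Float::MIN_10_EXP..Float::MAX_10_EXP).cover?(e)
rescue UnsafeDecimal
  false
end

# Convert only after the textual check has passed.
def to_float_safely(str)
  unless representable?(str)
    raise UnsafeDecimal, "magnitude of #{str.inspect} not representable as Float"
  end
  BigDecimal(str.strip).to_f
end

if __FILE__ == $PROGRAM_NAME
  ["123.45", "0.5e3", "1e308", "1e309", "9E69999999"].each do |s|
    begin
      puts "#{s.inspect} -> #{to_float_safely(s)}"
    rescue UnsafeDecimal => e
      puts "#{s.inspect} rejected: #{e.message}"
    end
  end
end
```

The check is deliberately placed before BigDecimal parsing rather than after it, since the vulnerable step in the affected versions is the conversion of an already-constructed large value; rejecting on the string keeps the guard independent of library behaviour. On a patched interpreter the same guard still turns a surprising Infinity into an explicit error.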

CVSS Score and Metrics

CVSS V3 Severity: not scored for this entry

CVSS V2 Severity:
  CVSS Score: 5.0 (vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Exploit Score: 10.0
  Impact Score: 2.9

CVSS V2 Metrics:
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
  
Reference:
SECTRACK-1022371
BID-35278
SECUNIA-35399
SECUNIA-35527
SECUNIA-35593
SECUNIA-35699
SECUNIA-35937
SECUNIA-37705
OSVDB-55031
ADV-2009-1563
APPLE-SA-2010-03-29-1
FEDORA-2009-13066
GLSA-200906-02
MDVSA-2009:160
RHSA-2009:1140
SSA:2009-170-02
USN-805-1
http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html
http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689
http://bugs.gentoo.org/show_bug.cgi?id=273213
http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master
http://redmine.ruby-lang.org/issues/show/794
http://support.apple.com/kb/HT4077
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/
http://www.ruby-forum.com/topic/189071
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
https://bugs.launchpad.net/bugs/385436
https://bugs.launchpad.net/bugs/cve/2009-1904
ruby-bigdecimal-dos(51032)

CPE    1
cpe:/a:ruby-lang:ruby:1.8.7
CWE    1
CWE-189
OVAL    14
oval:org.secpod.oval:def:700195
oval:org.secpod.oval:def:700404
oval:org.secpod.oval:def:3848
oval:org.mitre.oval:def:7853
...

© SecPod Technologies