CVE-2009-1904

Vulnerable software:
  cpe:/a:ruby-lang:ruby:1.8.6
  cpe:/a:ruby-lang:ruby:1.8.7

Published: 2009-06-11T17:30:00.217-04:00
Last modified: 2017-09-28T21:34:38.763-04:00

CVSS base metrics:
  Score: 5.0
  Access vector: NETWORK
  Access complexity: LOW
  Authentication: NONE
  Confidentiality impact: NONE
  Integrity impact: NONE
  Availability impact: PARTIAL
  Source: http://nvd.nist.gov
  Generated on: 2009-06-12T10:03:00.000-04:00

References:
  SECTRACK 1022371
  BID 35278
  SECUNIA 35399
  SECUNIA 35527
  SECUNIA 35593
  SECUNIA 35699
  SECUNIA 35937
  SECUNIA 37705
  OSVDB 55031
  VUPEN ADV-2009-1563
  APPLE APPLE-SA-2010-03-29-1
  FEDORA FEDORA-2009-13066
  GENTOO GLSA-200906-02
  MANDRIVA MDVSA-2009:160
  REDHAT RHSA-2009:1140
  SLACKWARE SSA:2009-170-02
  UBUNTU USN-805-1
  MLIST [pkgsrc-changes] 20090610 CVS commit: pkgsrc/lang/ruby18-base
  MLIST [rubyonrails-security] 20090610 DoS Vulnerability in Ruby (CVE-2009-1904)
  CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689
  CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=273213
  CONFIRM http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master
  CONFIRM http://redmine.ruby-lang.org/issues/show/794
  CONFIRM http://support.apple.com/kb/HT4077
  CONFIRM http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/
  CONFIRM http://www.ruby-forum.com/topic/189071
  CONFIRM http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
  CONFIRM https://bugs.launchpad.net/bugs/385436
  CONFIRM https://bugs.launchpad.net/bugs/cve/2009-1904
  XF ruby-bigdecimal-dos(51032)

Summary:
  The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.