Computer Security
Ruby security vulnerabilities
updated since 01.12.2013
Published: 29.05.2014
Source:
SecurityVulns ID: 13434
Type: library
Threat Level: 5/10
Description: DoS, restrictions bypass.
Affected: RUBY : Ruby 2.1
CVE: CVE-2013-4164 (Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.)
CVE-2013-2065 ((1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.)
Original documents:
APPLE, APPLE-SA-2014-15-20-1 OS X Server 3.1.2 (29.05.2014)
UBUNTU, [USN-2035-1] Ruby vulnerabilities (01.12.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod