---
library: rubygems
cve: 2013-4363
osvdb: 97163
url: http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html
title: RubyGems Multiple API Call Version Validation CPU Consumption DoS
date: 2013-09-24
description: |
  RubyGems contains a flaw that may allow a denial of service. The issue is
  triggered when handling the gem build, Gem::Package, or Gem::PackageTask API
  calls, which attempt to validate the version of the program. This may allow a
  context-dependent attacker to cause a consumption of CPU resources and crash
  the program. This vulnerability is due to an incomplete fix for
  CVE-2013-4287, which allowed a denial of service via improper validation.
cvss_v2: 4.3
patched_versions:
  - ~> 1.8.23.2
  - ~> 1.8.27
  - ~> 2.0.10
  - ">= 2.1.5"