Sha256: d1e699abe83588328799b58968c935bbb056e2192fce40dbb4b9cc997a8e6080

Contents?: true

Size: 668 Bytes

Versions: 6

Compression:

Stored size: 668 Bytes

Contents

---
engine: ruby
cve: 2013-4164
osvdb: 100113
url: http://www.osvdb.org/show/osvdb/100113
title: Heap Overflow in Floating Point Parsing (CVE-2013-4164)
date: 2013-11-22
description: |
  Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before
  2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a
  denial of service (segmentation fault) and possibly execute arbitrary code via a string that is
  converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
cvss_v2: 6.8
patched_versions:
  - ~> 1.9.3.484
  - ~> 2.0.0.353
  - ">= 2.1.0.preview.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/rubies/ruby/CVE-2013-4164.yml
bundler-budit-0.6.2    data/ruby-advisory-db/rubies/ruby/OSVDB-100113.yml
bundler-budit-0.6.1    data/ruby-advisory-db/rubies/ruby/OSVDB-100113.yml
bundler-audit-0.6.1    data/ruby-advisory-db/rubies/ruby/OSVDB-100113.yml
bundler-audit-0.6.0    data/ruby-advisory-db/rubies/ruby/OSVDB-100113.yml
bundler-audit-0.5.0    data/ruby-advisory-db/rubies/ruby/OSVDB-100113.yml