Showing 1 - 4 of 4

CVE-2008-3443

Status Candidate

Overview

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

Related Files

Debian Linux Security Advisory 1695-1: Posted Jan 3, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1695-1 - The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443).; tags | advisory, denial of service, memory leak, ruby; systems | linux, debian; advisories | CVE-2008-3443; SHA-256 | 62fdd72240c3de55b5fd7526279f8c8b2e2917d683614d607f4acb29155b2b18; Download | Favorite | View

Ubuntu Security Notice 691-1: Posted Dec 16, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-691-1 - Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. This update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail.; tags | advisory, denial of service, ruby; systems | linux, ubuntu; advisories | CVE-2008-3443, CVE-2008-3790; SHA-256 | 8e6e9a4a0c546126aa35f85750f347d27b3886321646d22ce793a2ac11d744df; Download | Favorite | View

Mandriva Linux Security Advisory 2008-226: Posted Nov 8, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - Denial of service, spoofing, and bypass vulnerabilities exist in Ruby.; tags | advisory, denial of service, spoof, vulnerability, ruby; systems | linux, mandriva; advisories | CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905; SHA-256 | 488309119dea14c6a264f6053e8b8d14c8d560c0a40a71fd0e398684d17eb685; Download | Favorite | View

Ubuntu Security Notice 651-1: Posted Oct 11, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 651-1 - A large amount of vulnerabilities have been addressed in Ruby. These issues include integer overflow, bypass, input validation, and various other vulnerabilities.; tags | advisory, overflow, vulnerability, ruby; systems | linux, ubuntu; advisories | CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905; SHA-256 | 5557d431a53fdfbc495c90e3822a34c8b1dcc60e208ef88fe797ec0c86bfdcfa; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

CVE-2008-3443

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems