Showing 1 - 1 of 1

CVE-2013-1800

Status Candidate

Overview

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

Related Files

Gentoo Linux Security Advisory 201404-04: Posted Apr 7, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201404-4 - A vulnerability in Crack might allow remote attackers to execute arbitrary code. Versions less than 0.3.2 are affected.; tags | advisory, remote, arbitrary; systems | linux, gentoo; advisories | CVE-2013-1800; SHA-256 | 787bea35901f30a270ecc027971222399b9ca460eb3dc5673b85b2518f5fce06; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 251 files
indoushka 155 files
Ubuntu 91 files
Gentoo 32 files
Debian 21 files
LiquidWorm 14 files
Apple 11 files
malvuln 8 files
Google Security Research 7 files
verylazytech 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,140)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,531)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,026)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,914)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

CVE-2013-1800

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems