
CVE-2013-4164

Status Candidate

Overview

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

Related Files

Gentoo Linux Security Advisory 201412-27
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-27 - Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. Versions less than 2.0.0_p598 are affected.

tags | advisory, denial of service, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2011-0188, CVE-2011-1004, CVE-2011-1005, CVE-2011-4815, CVE-2012-4481, CVE-2012-5371, CVE-2013-0269, CVE-2013-1821, CVE-2013-4164, CVE-2014-8080, CVE-2014-8090
MD5 | 813b38bb3f2ea9ccac81d5704af95024
Apple Security Advisory 2014-10-16-3
Posted Oct 17, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-16-3 - OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3919, CVE-2013-4164, CVE-2013-4854, CVE-2013-6393, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0591, CVE-2014-3566, CVE-2014-4406, CVE-2014-4424, CVE-2014-4446, CVE-2014-4447
MD5 | 12ebf98ae908c3acd7969b382f431f2e
Apple Security Advisory 2014-04-22-1
Posted Apr 23, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-04-22-1 - Security Update 2014-002 is now available and addresses vulnerabilities in CFNetwork HTTPProtocol, CoreServicesUIAgent, FontParser, Heimdal Kerberos, ImageIO, Intel Graphics Driver, IOKit Kernel, the kernel, power management, Ruby, and more.

tags | advisory, kernel, vulnerability, ruby
systems | apple
advisories | CVE-2013-4164, CVE-2013-5170, CVE-2013-6393, CVE-2014-1295, CVE-2014-1296, CVE-2014-1314, CVE-2014-1315, CVE-2014-1316, CVE-2014-1318, CVE-2014-1319, CVE-2014-1320, CVE-2014-1321, CVE-2014-1322
MD5 | 85aec207c76bbc366a8922e7e5c5a72c
Red Hat Security Advisory 2014-0215-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0215-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164, CVE-2014-0057, CVE-2014-0081, CVE-2014-0082
MD5 | e1a7d0c7e42e3692cd8b570e480fe9c5
Red Hat Security Advisory 2014-0011-01
Posted Jan 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0011-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
MD5 | 8b58b32ce7dcc253bf460f6aba37fe0f
Slackware Security Advisory - ruby Updates
Posted Dec 18, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory, ruby
systems | linux, slackware
advisories | CVE-2013-4164
MD5 | 8e1d38702aee4f45812f63a43cb51195
Debian Security Advisory 2810-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2810-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, arbitrary, ruby
systems | linux, debian
advisories | CVE-2013-4164
MD5 | 6498173d65a1c9ecdc5c9d0293cc1146
Debian Security Advisory 2809-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2809-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073, CVE-2013-4164
MD5 | e799f488cbc7b8db8045f474277c1fdd
Ubuntu Security Notice USN-2035-1
Posted Nov 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2035-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2013-2065, CVE-2013-4164
MD5 | a993e5bd40e2e44c864bb09b2e97bc80
Red Hat Security Advisory 2013-1767-01
Posted Nov 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1767-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
MD5 | ebb935702ad996202cc29ef2059d9141
Mandriva Linux Security Advisory 2013-286
Posted Nov 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-286 - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using JSON.parse. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary, ruby
systems | linux, mandriva
advisories | CVE-2013-4164
MD5 | dd23f5509f4b44a6c7744d9d307bf3d4
Red Hat Security Advisory 2013-1763-01
Posted Nov 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1763-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
MD5 | 9e03cfb1d1fc97ae6a658f592bb94c40
Red Hat Security Advisory 2013-1764-01
Posted Nov 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1764-01 - Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
MD5 | 93343143988608f7d1fd17c0cf822dc3
© 2020 Packet Storm. All rights reserved.