4.3

CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RubygemsRubygems Version <= 1.8.23
RubygemsRubygems Version1.8.0
RubygemsRubygems Version1.8.1
RubygemsRubygems Version1.8.2
RubygemsRubygems Version1.8.3
RubygemsRubygems Version1.8.4
RubygemsRubygems Version1.8.5
RubygemsRubygems Version1.8.6
RubygemsRubygems Version1.8.7
RubygemsRubygems Version1.8.8
RubygemsRubygems Version1.8.9
RubygemsRubygems Version1.8.10
RubygemsRubygems Version1.8.11
RubygemsRubygems Version1.8.12
RubygemsRubygems Version1.8.13
RubygemsRubygems Version1.8.14
RubygemsRubygems Version1.8.15
RubygemsRubygems Version1.8.16
RubygemsRubygems Version1.8.17
RubygemsRubygems Version1.8.18
RubygemsRubygems Version1.8.19
RubygemsRubygems Version1.8.20
RubygemsRubygems Version1.8.21
RubygemsRubygems Version1.8.22
RubygemsRubygems Version1.8.24
RubygemsRubygems Version1.8.25
RubygemsRubygems Version1.8.26
RubygemsRubygems Version2.0.0
RubygemsRubygems Version2.0.0 Updatepreview2
RubygemsRubygems Version2.0.0 Updatepreview2.1
RubygemsRubygems Version2.0.0 Updatepreview2.2
RubygemsRubygems Version2.0.0 Updaterc1
RubygemsRubygems Version2.0.0 Updaterc2
RubygemsRubygems Version2.0.1
RubygemsRubygems Version2.0.2
RubygemsRubygems Version2.0.3
RubygemsRubygems Version2.0.4
RubygemsRubygems Version2.0.5
RubygemsRubygems Version2.0.6
RubygemsRubygems Version2.0.7
RubygemsRubygems Version2.0.8
RubygemsRubygems Version2.0.9
RubygemsRubygems Version2.1.0
RubygemsRubygems Version2.1.0 Updaterc1
RubygemsRubygems Version2.1.0 Updaterc2
RubygemsRubygems Version2.1.1
RubygemsRubygems Version2.1.2
RubygemsRubygems Version2.1.3
RubygemsRubygems Version2.1.4
Ruby-langRuby Version1.9
Ruby-langRuby Version1.9.1
Ruby-langRuby Version1.9.2
Ruby-langRuby Version1.9.3
Ruby-langRuby Version1.9.3 Updatep0
Ruby-langRuby Version1.9.3 Updatep125
Ruby-langRuby Version1.9.3 Updatep194
Ruby-langRuby Version1.9.3 Updatep286
Ruby-langRuby Version1.9.3 Updatep383
Ruby-langRuby Version1.9.3 Updatep385
Ruby-langRuby Version1.9.3 Updatep392
Ruby-langRuby Version1.9.3 Updatep426
Ruby-langRuby Version1.9.3 Updatep429
Ruby-langRuby Version2.0
Ruby-langRuby Version2.0.0
Ruby-langRuby Version2.0.0 Updatep0
Ruby-langRuby Version2.0.0 Updatep195
Ruby-langRuby Version2.0.0 Updatep247
Ruby-langRuby Version2.0.0 Updatepreview1
Ruby-langRuby Version2.0.0 Updatepreview2
Ruby-langRuby Version2.0.0 Updaterc1
Ruby-langRuby Version2.0.0 Updaterc2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.66% 0.703
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P