Showing 1 - 4 of 4

CVE-2008-3443

Status Candidate

Overview

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

Related Files

Debian Linux Security Advisory 1695-1: Posted Jan 3, 2009; Authored by Debian | Site debian.org; Debian Security Advisory 1695-1 - The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443).; tags | advisory, denial of service, memory leak, ruby; systems | linux, debian; advisories | CVE-2008-3443; SHA-256 | 62fdd72240c3de55b5fd7526279f8c8b2e2917d683614d607f4acb29155b2b18; Download | Favorite | View

Ubuntu Security Notice 691-1: Posted Dec 16, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-691-1 - Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. This update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail.; tags | advisory, denial of service, ruby; systems | linux, ubuntu; advisories | CVE-2008-3443, CVE-2008-3790; SHA-256 | 8e6e9a4a0c546126aa35f85750f347d27b3886321646d22ce793a2ac11d744df; Download | Favorite | View

Mandriva Linux Security Advisory 2008-226: Posted Nov 8, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - Denial of service, spoofing, and bypass vulnerabilities exist in Ruby.; tags | advisory, denial of service, spoof, vulnerability, ruby; systems | linux, mandriva; advisories | CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905; SHA-256 | 488309119dea14c6a264f6053e8b8d14c8d560c0a40a71fd0e398684d17eb685; Download | Favorite | View

Ubuntu Security Notice 651-1: Posted Oct 11, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 651-1 - A large amount of vulnerabilities have been addressed in Ruby. These issues include integer overflow, bypass, input validation, and various other vulnerabilities.; tags | advisory, overflow, vulnerability, ruby; systems | linux, ubuntu; advisories | CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905; SHA-256 | 5557d431a53fdfbc495c90e3822a34c8b1dcc60e208ef88fe797ec0c86bfdcfa; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2008-3443

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems