Vulnerability-Lookup

CVE-2008-3443 (GCVE-0-2008-3443)

Vulnerability from cvelistv5 – Published: 2008-08-14 23:00 – Updated: 2024-08-07 09:37

Summary

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/31430	third-party-advisoryx_refsource_SECUNIA
	https://usn.ubuntu.com/651-1/	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/33185	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1695	vendor-advisoryx_refsource_DEBIAN
	http://support.apple.com/kb/HT3549	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/30682	vdb-entryx_refsource_BID
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securityreason.com/securityalert/4158	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/35074	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1021075	vdb-entryx_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-08…	vendor-advisoryx_refsource_REDHAT
	http://www.redhat.com/support/errata/RHSA-2008-08…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/33398	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32219	third-party-advisoryx_refsource_SECUNIA
	https://www.exploit-db.com/exploits/6239	exploitx_refsource_EXPLOIT-DB
	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	third-party-advisoryx_refsource_CERT
	http://www.vupen.com/english/advisories/2009/1297	vdb-entryx_refsource_VUPEN
	https://usn.ubuntu.com/691-1/	vendor-advisoryx_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/32371	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32165	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32372	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31430"
          },
          {
            "name": "USN-651-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/651-1/"
          },
          {
            "name": "33185",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33185"
          },
          {
            "name": "DSA-1695",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1695"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "30682",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30682"
          },
          {
            "name": "FEDORA-2008-8736",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
          },
          {
            "name": "ruby-regex-dos(44688)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
          },
          {
            "name": "4158",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4158"
          },
          {
            "name": "35074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
          },
          {
            "name": "1021075",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021075"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "RHSA-2008:0895",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
          },
          {
            "name": "RHSA-2008:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
          },
          {
            "name": "33398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33398"
          },
          {
            "name": "32219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32219"
          },
          {
            "name": "6239",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6239"
          },
          {
            "name": "TA09-133A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "ADV-2009-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "USN-691-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/691-1/"
          },
          {
            "name": "oval:org.mitre.oval:def:9570",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
          },
          {
            "name": "32371",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32371"
          },
          {
            "name": "32165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32165"
          },
          {
            "name": "32372",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32372"
          },
          {
            "name": "FEDORA-2008-8738",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31430"
        },
        {
          "name": "USN-651-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/651-1/"
        },
        {
          "name": "33185",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33185"
        },
        {
          "name": "DSA-1695",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1695"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3549"
        },
        {
          "name": "30682",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30682"
        },
        {
          "name": "FEDORA-2008-8736",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
        },
        {
          "name": "ruby-regex-dos(44688)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
        },
        {
          "name": "4158",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4158"
        },
        {
          "name": "35074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35074"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
        },
        {
          "name": "1021075",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021075"
        },
        {
          "name": "APPLE-SA-2009-05-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
        },
        {
          "name": "RHSA-2008:0895",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
        },
        {
          "name": "RHSA-2008:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
        },
        {
          "name": "33398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33398"
        },
        {
          "name": "32219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32219"
        },
        {
          "name": "6239",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6239"
        },
        {
          "name": "TA09-133A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
        },
        {
          "name": "ADV-2009-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1297"
        },
        {
          "name": "USN-691-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/691-1/"
        },
        {
          "name": "oval:org.mitre.oval:def:9570",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
        },
        {
          "name": "32371",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32371"
        },
        {
          "name": "32165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32165"
        },
        {
          "name": "32372",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32372"
        },
        {
          "name": "FEDORA-2008-8738",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3443",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31430"
            },
            {
              "name": "USN-651-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/651-1/"
            },
            {
              "name": "33185",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33185"
            },
            {
              "name": "DSA-1695",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1695"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "30682",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30682"
            },
            {
              "name": "FEDORA-2008-8736",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
            },
            {
              "name": "ruby-regex-dos(44688)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
            },
            {
              "name": "4158",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4158"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
            },
            {
              "name": "1021075",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021075"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "RHSA-2008:0895",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
            },
            {
              "name": "RHSA-2008:0897",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
            },
            {
              "name": "33398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33398"
            },
            {
              "name": "32219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32219"
            },
            {
              "name": "6239",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6239"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "USN-691-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/691-1/"
            },
            {
              "name": "oval:org.mitre.oval:def:9570",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
            },
            {
              "name": "32371",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32371"
            },
            {
              "name": "32165",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32165"
            },
            {
              "name": "32372",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32372"
            },
            {
              "name": "FEDORA-2008-8738",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3443",
    "datePublished": "2008-08-14T23:00:00.000Z",
    "dateReserved": "2008-08-01T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:37:26.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-V838-V88J-GW93

Vulnerability from github – Published: 2022-05-02 00:00 – Updated: 2025-04-09 03:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3443"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-14T23:41:00Z",
    "severity": "MODERATE"
  },
  "details": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.",
  "id": "GHSA-v838-v88j-gw93",
  "modified": "2025-04-09T03:57:39Z",
  "published": "2022-05-02T00:00:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3443"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/651-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/691-1"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/6239"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32165"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32219"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32371"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32372"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33185"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33398"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4158"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1695"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30682"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021075"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: 2009-05-13 - Updated: 2009-05-13

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. L'exploitation de certaines d'entre elles peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Elles touchent divers composants et services installés comme CFNetworks (manipulation des échanges HTTP), CoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation de l'URI help:), QuickDraw Manager (manipulation d'images PICT), Safari (manipulation de l'URI feed:), OpenSSL, PHP, WebKit, X11, etc.

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

FKIE_CVE-2008-3443

Vulnerability from fkie_nvd - Published: 2008-08-14 23:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
cve@mitre.org	http://secunia.com/advisories/31430
cve@mitre.org	http://secunia.com/advisories/32165
cve@mitre.org	http://secunia.com/advisories/32219
cve@mitre.org	http://secunia.com/advisories/32371
cve@mitre.org	http://secunia.com/advisories/32372
cve@mitre.org	http://secunia.com/advisories/33185
cve@mitre.org	http://secunia.com/advisories/33398
cve@mitre.org	http://secunia.com/advisories/35074
cve@mitre.org	http://securityreason.com/securityalert/4158
cve@mitre.org	http://support.apple.com/kb/HT3549
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
cve@mitre.org	http://www.debian.org/security/2009/dsa-1695
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0895.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0897.html
cve@mitre.org	http://www.securityfocus.com/bid/30682
cve@mitre.org	http://www.securitytracker.com/id?1021075
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1297
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44688
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570
cve@mitre.org	https://usn.ubuntu.com/651-1/
cve@mitre.org	https://usn.ubuntu.com/691-1/
cve@mitre.org	https://www.exploit-db.com/exploits/6239
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31430
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32165
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32219
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32371
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32372
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33185
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33398
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35074
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4158
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3549
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1695
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0895.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0897.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30682
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021075
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1297
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44688
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/651-1/
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/691-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/6239
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html

Impacted products

Vendor	Product	Version
ruby-lang	ruby	1.6.8
ruby-lang	ruby	1.8.0
ruby-lang	ruby	1.8.1
ruby-lang	ruby	1.8.1
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.9.0
ruby-lang	ruby	1.9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "46086C6A-9068-4959-BEE7-4D76BDEA3962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31160797-6920-4BA1-B355-1CCD1FCDBFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*",
              "matchCriteriaId": "BC306E85-66D8-4384-BBC3-92DC99C85FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5675C37-39EF-41EF-9A53-3FCE4CF23820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "39609530-0A81-481E-BDA4-5A98327EAD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "C19ADE91-4D9E-43ED-A605-E504B9090119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*",
              "matchCriteriaId": "D89E3027-C2ED-4CC6-86F5-1B791576B6EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F29ADA-E6DC-456F-9E63-C56C68EF7E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "57B1C113-682E-4F7D-BCF0-E30C446C4AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "4BAF9471-B532-4194-AB3C-5AA28432FF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "51BE9728-A5FE-486A-8DB9-711E46243132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC1B910-C0FA-4943-92B1-597842E84015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "A78ECCA9-6F07-4A63-8BF7-8D40F2439552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "14513719-4ED8-4EAB-B4D8-29849B868BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "92E3814D-BEEA-4E46-9CED-9D8059727D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80BDE13-9CBB-4A5F-9BF4-BEB907CED271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "CA7D3F32-EFB7-4628-9328-36C6A306B399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*",
              "matchCriteriaId": "D1A95E9F-AEC5-4AF9-B7D9-52DDDECB7E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p114:*:*:*:*:*:*",
              "matchCriteriaId": "8C72828E-B572-470B-ACA6-55C34DBAA017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*",
              "matchCriteriaId": "9328DE73-420B-4280-85A4-ABEFC4679676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "0F382FBD-6163-4A5B-AEB3-A15A843329F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4399121F-9BC7-4A67-8B0B-ED3B94A16D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p231:*:*:*:*:*:*",
              "matchCriteriaId": "736348AD-4717-477B-BE8C-A0CAB37F3461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*",
              "matchCriteriaId": "BFE61EB9-2544-4E48-B313-63A99F4F5241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p52:*:*:*:*:*:*",
              "matchCriteriaId": "9FA7A250-A388-4749-ABC0-06B02DBC3915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "6122187F-2371-429A-971B-419B4ACE8E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "8A42425D-FF21-4863-B43D-EE100DBE6BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "06512108-020D-4D71-8F60-6AA2052D7D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*",
              "matchCriteriaId": "E2E152A5-F625-4061-AD8C-4CFA085B674F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*",
              "matchCriteriaId": "756F5247-658C-412C-ACBF-CBE987DF748A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "876B2575-4F81-4A70-9A88-9BEE44649626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*",
              "matchCriteriaId": "DF02372D-FD0B-453F-821E-1E0BA7900711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*",
              "matchCriteriaId": "0A6ED369-E564-4D4F-9E23-A8125194EAD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*",
              "matchCriteriaId": "ACC0DB90-C072-4BCB-9082-94394F547D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*",
              "matchCriteriaId": "4D7ED62B-4D88-46A4-A0A3-BD37E66A5211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*",
              "matchCriteriaId": "072A0C3C-9F47-4DC7-96EA-7980B45429DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*",
              "matchCriteriaId": "FB0372E4-FE3E-49CD-AF55-E2E4518D34F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "04579340-B53F-47B5-99C9-B647AAA3D303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "9D7F4162-108A-470B-8E6B-C009E8C56AEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "73AB0545-3D8D-4623-8381-D71DA44E3B5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D86FC99-3521-4E22-8FD3-65CEB05A6342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*",
              "matchCriteriaId": "84A291B0-EABD-4572-B8E2-2457DBAEDC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*",
              "matchCriteriaId": "1FE05F3A-A8B5-45EE-BF52-D55E2768F890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*",
              "matchCriteriaId": "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "4E37786B-5336-4182-A1E3-801BDB6F61EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "349D014E-223A-46A7-8334-543DB330C215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "550EC183-43A1-4A63-A23C-A48C1F078451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*",
              "matchCriteriaId": "0ACECF59-AA88-4B5C-A671-83842C9CF072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "52179EC7-CAF0-42AA-A21A-7105E10CA122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*",
              "matchCriteriaId": "D906EA97-7071-4CFA-84EF-EC82D813D7AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick."
    },
    {
      "lang": "es",
      "value": "El motor de expresiones regulares (regex.c) en Ruby 1.8.5 y anteriores, 1.8.6 a trav\u00e9s de p286-1.8.6, 1.8.7 a trav\u00e9s de 1.8.7-p71, y 1.9 a trav\u00e9s de r18423 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito y caida) a trav\u00e9s de m\u00faltiples peticiones largas a un socket de Ruby. Esta denegaci\u00f3n de servicio esta relacionada con un fallo en la asignaci\u00f3n de memoria, como se ha demostrado contra Webrick."
    }
  ],
  "id": "CVE-2008-3443",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-14T23:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32219"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32371"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32372"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33185"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33398"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4158"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1695"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30682"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021075"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/651-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/691-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6239"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/651-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/691-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-3443

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3443

Aliases

CVE-2008-3443

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3443",
    "description": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.",
    "id": "GSD-2008-3443",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3443.html",
      "https://www.debian.org/security/2009/dsa-1695",
      "https://access.redhat.com/errata/RHSA-2008:0897",
      "https://access.redhat.com/errata/RHSA-2008:0896",
      "https://access.redhat.com/errata/RHSA-2008:0895",
      "https://linux.oracle.com/cve/CVE-2008-3443.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3443"
      ],
      "details": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.",
      "id": "GSD-2008-3443",
      "modified": "2023-12-13T01:23:05.831096Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3443",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "31430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31430"
          },
          {
            "name": "USN-651-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/651-1/"
          },
          {
            "name": "33185",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33185"
          },
          {
            "name": "DSA-1695",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1695"
          },
          {
            "name": "http://support.apple.com/kb/HT3549",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "30682",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30682"
          },
          {
            "name": "FEDORA-2008-8736",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
          },
          {
            "name": "ruby-regex-dos(44688)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
          },
          {
            "name": "4158",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4158"
          },
          {
            "name": "35074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
          },
          {
            "name": "1021075",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021075"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "RHSA-2008:0895",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
          },
          {
            "name": "RHSA-2008:0897",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
          },
          {
            "name": "33398",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33398"
          },
          {
            "name": "32219",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32219"
          },
          {
            "name": "6239",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/6239"
          },
          {
            "name": "TA09-133A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "ADV-2009-1297",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "USN-691-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/691-1/"
          },
          {
            "name": "oval:org.mitre.oval:def:9570",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
          },
          {
            "name": "32371",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32371"
          },
          {
            "name": "32165",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32165"
          },
          {
            "name": "32372",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32372"
          },
          {
            "name": "FEDORA-2008-8738",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p231:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p114:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p52:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3443"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33185",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33185"
            },
            {
              "name": "31430",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31430"
            },
            {
              "name": "4158",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4158"
            },
            {
              "name": "33398",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33398"
            },
            {
              "name": "30682",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/30682"
            },
            {
              "name": "DSA-1695",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1695"
            },
            {
              "name": "32165",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32165"
            },
            {
              "name": "32219",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32219"
            },
            {
              "name": "FEDORA-2008-8738",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
            },
            {
              "name": "FEDORA-2008-8736",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
            },
            {
              "name": "1021075",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021075"
            },
            {
              "name": "32371",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32371"
            },
            {
              "name": "RHSA-2008:0895",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
            },
            {
              "name": "RHSA-2008:0897",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
            },
            {
              "name": "32372",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32372"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "ruby-regex-dos(44688)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44688"
            },
            {
              "name": "6239",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/6239"
            },
            {
              "name": "oval:org.mitre.oval:def:9570",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570"
            },
            {
              "name": "USN-691-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/691-1/"
            },
            {
              "name": "USN-651-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/651-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-03T21:55Z",
      "publishedDate": "2008-08-14T23:41Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3443 (GCVE-0-2008-3443)

GHSA-V838-V88J-GW93

CERTA-2009-AVI-186

Description

Solution

FKIE_CVE-2008-3443

GSD-2008-3443

Tags

Sightings

Nomenclature