Vulnerability-Lookup

CVE-2013-4363 (GCVE-0-2013-4363)

Vulnerability from cvelistv5 – Published: 2013-10-17 23:00 – Updated: 2024-08-06 16:38

Summary

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://puppet.com/security/cve/cve-2013-4363	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2013/09/18/8	mailing-listx_refsource_MLIST
	http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2013/09/14/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2013/09/20/1	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-4363"
          },
          {
            "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
          },
          {
            "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
          },
          {
            "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-4363"
        },
        {
          "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
        },
        {
          "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
        },
        {
          "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/cve-2013-4363",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-4363"
            },
            {
              "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
            },
            {
              "name": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
              "refsource": "CONFIRM",
              "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
            },
            {
              "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
            },
            {
              "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4363",
    "datePublished": "2013-10-17T23:00:00.000Z",
    "dateReserved": "2013-06-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T16:38:01.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2014-AVI-112

Vulnerability from certfr_avis - Published: 2014-03-10 - Updated: 2014-03-10

De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Solaris 11.1
Oracle	N/A	Oracle Solaris 10
Oracle	N/A	Oracle Solaris 9

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 25 février 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Solaris 11.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5718"
    },
    {
      "name": "CVE-2013-1960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
    },
    {
      "name": "CVE-2013-4123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4123"
    },
    {
      "name": "CVE-2013-5745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5745"
    },
    {
      "name": "CVE-2013-4231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4231"
    },
    {
      "name": "CVE-2006-4810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4810"
    },
    {
      "name": "CVE-2013-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2013-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4408"
    },
    {
      "name": "CVE-2014-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0397"
    },
    {
      "name": "CVE-2013-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
    },
    {
      "name": "CVE-2013-1418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1418"
    },
    {
      "name": "CVE-2011-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2012-6150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6150"
    },
    {
      "name": "CVE-2013-5717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5717"
    },
    {
      "name": "CVE-2013-6340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6340"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2013-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6337"
    },
    {
      "name": "CVE-2013-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0900"
    },
    {
      "name": "CVE-2013-6339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6339"
    },
    {
      "name": "CVE-2013-4363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4363"
    },
    {
      "name": "CVE-2013-5721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5721"
    },
    {
      "name": "CVE-2007-6750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
    },
    {
      "name": "CVE-2008-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0386"
    },
    {
      "name": "CVE-2012-4504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4504"
    },
    {
      "name": "CVE-2012-2893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2893"
    },
    {
      "name": "CVE-2012-4505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4505"
    },
    {
      "name": "CVE-2013-1961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
    },
    {
      "name": "CVE-2013-4287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4287"
    },
    {
      "name": "CVE-2009-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0179"
    },
    {
      "name": "CVE-2013-6338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6338"
    },
    {
      "name": "CVE-2013-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6336"
    },
    {
      "name": "CVE-2013-4232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
    },
    {
      "name": "CVE-2013-4124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4124"
    },
    {
      "name": "CVE-2013-7112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7112"
    },
    {
      "name": "CVE-2013-2561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2561"
    },
    {
      "name": "CVE-2014-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0591"
    },
    {
      "name": "CVE-2013-5719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5719"
    },
    {
      "name": "CVE-2013-7114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7114"
    },
    {
      "name": "CVE-2013-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1417"
    },
    {
      "name": "CVE-2012-4564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
    },
    {
      "name": "CVE-2013-5722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5722"
    },
    {
      "name": "CVE-2011-1202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
    },
    {
      "name": "CVE-2012-0870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0870"
    },
    {
      "name": "CVE-2013-5720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5720"
    },
    {
      "name": "CVE-2012-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
    },
    {
      "name": "CVE-2013-4475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4475"
    }
  ],
  "initial_release_date": "2014-03-10T00:00:00",
  "last_revision_date": "2014-03-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-112",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 25 f\u00e9vrier 2014",
      "url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html"
    }
  ]
}

CERTA-2013-AVI-687

Vulnerability from certfr_avis - Published: 2013-12-30 - Updated: 2013-12-30

De multiples vulnérabilités ont été corrigées dans Puppet. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Puppet Entreprise versions antérieures à 3.1.1
N/A	N/A	Puppet versions antérieures à 3.4.1
N/A	N/A	Puppet versions antérieures à 3.3.3
N/A	N/A	Puppet Entreprise versions antérieures à 2.8.4

References

Title

Publication Time

Tags

Bulletin de sécurité Puppet cve-2013-4491 du 26 décembre 2013	None	vendor-advisory
Bulletin de sécurité Puppet cve-2013-4969 du 26 décembre 2013	None	vendor-advisory
Bulletin de sécurité Puppet cve-2013-4363 du 26 décembre 2013	None	vendor-advisory
Bulletin de sécurité Puppet cve-2013-6417 du 26 décembre 2013	None	vendor-advisory
Bulletin de sécurité Puppet cve-2013-6415 du 26 décembre 2013	None	vendor-advisory
Bulletin de sécurité Puppet cve-2013-6414 du 26 décembre 2013	None	vendor-advisory
Bulletin de sécurité Puppet cve-2013-4164 du 26 décembre 2013	None	vendor-advisory
Bulletin de sécurité Puppet cve-2013-6415 du 26 décembre 2013	-	other
Bulletin de sécurité Puppet cve-2013-4164 du 26 décembre 2013	-	other
Bulletin de sécurité Puppet cve-2013-4491 du 26 décembre 2013	-	other
Bulletin de sécurité Puppet cve-2013-4363 du 26 décembre 2013	-	other
Bulletin de sécurité Puppet cve-2013-6417 du 26 décembre 2013	-	other
Bulletin de sécurité Puppet cve-2013-4969 du 26 décembre 2013	-	other
Bulletin de sécurité Puppet cve-2013-6414 du 26 décembre 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Puppet Entreprise versions ant\u00e9rieures \u00e0 3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Puppet versions ant\u00e9rieures \u00e0 3.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Puppet versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Puppet Entreprise versions ant\u00e9rieures \u00e0 2.8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6414"
    },
    {
      "name": "CVE-2013-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
    },
    {
      "name": "CVE-2013-6415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6415"
    },
    {
      "name": "CVE-2013-4363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4363"
    },
    {
      "name": "CVE-2013-6417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6417"
    },
    {
      "name": "CVE-2013-4969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4969"
    },
    {
      "name": "CVE-2013-4491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4491"
    }
  ],
  "initial_release_date": "2013-12-30T00:00:00",
  "last_revision_date": "2013-12-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-6415 du 26 d\u00e9cembre    2013",
      "url": "http://puppetlabs.com/security/cve/cve-2013-6415"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4164 du 26 d\u00e9cembre    2013",
      "url": "http://puppetlabs.com/security/cve/cve-2013-4164"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4491 du 26 d\u00e9cembre    2013",
      "url": "http://puppetlabs.com/security/cve/cve-2013-4491"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4363 du 26 d\u00e9cembre    2013",
      "url": "http://puppetlabs.com/security/cve/cve-2013-4363"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-6417 du 26 d\u00e9cembre    2013",
      "url": "http://puppetlabs.com/security/cve/cve-2013-6417"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4969 du 26 d\u00e9cembre    2013",
      "url": "http://puppetlabs.com/security/cve/cve-2013-4969"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-6414 du 26 d\u00e9cembre    2013",
      "url": "http://puppetlabs.com/security/cve/cve-2013-6414"
    }
  ],
  "reference": "CERTA-2013-AVI-687",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePuppet\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Puppet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4491 du 26 d\u00e9cembre 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4969 du 26 d\u00e9cembre 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4363 du 26 d\u00e9cembre 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-6417 du 26 d\u00e9cembre 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-6415 du 26 d\u00e9cembre 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-6414 du 26 d\u00e9cembre 2013",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Puppet cve-2013-4164 du 26 d\u00e9cembre 2013",
      "url": null
    }
  ]
}

GHSA-9QVM-2VHF-Q649

Vulnerability from github – Published: 2022-05-17 00:16 – Updated: 2023-03-08 19:54

Summary

RubyGems Regular Expression Denial of Service

Details

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.23.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.24"
            },
            {
              "fixed": "1.8.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-4363"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-08T19:54:54Z",
    "nvd_published_at": "2013-10-17T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Algorithmic complexity vulnerability in `Gem::Version::ANCHORED_VERSION_PATTERN` in `lib/rubygems/version.rb` in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
  "id": "GHSA-9qvm-2vhf-q649",
  "modified": "2023-03-08T19:54:54Z",
  "published": "2022-05-17T00:16:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4363"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rubygems/rubygems"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4363.yml"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20170331150441/https://puppet.com/security/cve/cve-2013-4363"
    },
    {
      "type": "WEB",
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "RubyGems Regular Expression Denial of Service"
}

GSD-2013-4363

Vulnerability from gsd - Updated: 2013-09-24 00:00

Details

Aliases

CVE-2013-4363

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4363",
    "description": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
    "id": "GSD-2013-4363",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-4363.html",
      "https://advisories.mageia.org/CVE-2013-4363.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2013-4363.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rubygems-update",
            "purl": "pkg:gem/rubygems-update"
          }
        }
      ],
      "aliases": [
        "CVE-2013-4363",
        "OSVDB-97163"
      ],
      "details": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
      "id": "GSD-2013-4363",
      "modified": "2013-09-24T00:00:00.000Z",
      "published": "2013-09-24T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V2"
        }
      ],
      "summary": "CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-4363",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://puppet.com/security/cve/cve-2013-4363",
            "refsource": "CONFIRM",
            "url": "https://puppet.com/security/cve/cve-2013-4363"
          },
          {
            "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
          },
          {
            "name": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
            "refsource": "CONFIRM",
            "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
          },
          {
            "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
          },
          {
            "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2013-4363",
      "cvss_v2": 4.3,
      "date": "2013-09-24",
      "description": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
      "gem": "rubygems-update",
      "library": "rubygems",
      "osvdb": 97163,
      "patched_versions": [
        "~\u003e 1.8.23.2",
        "~\u003e 1.8.27",
        "~\u003e 2.0.10",
        "\u003e= 2.1.5"
      ],
      "title": "CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix",
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.1.4",
          "affected_versions": "All versions before 2.1.4",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2017-12-09",
          "description": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.",
          "fixed_versions": [
            "2.1.4"
          ],
          "identifier": "CVE-2013-4363",
          "identifiers": [
            "CVE-2013-4363"
          ],
          "not_impacted": "All versions starting from 2.1.4",
          "package_slug": "gem/rubygems-update",
          "pubdate": "2013-10-17",
          "solution": "Upgrade to version 2.1.4 or above.",
          "title": "Cryptographic Issues",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2013-4363",
            "http://www.openwall.com/lists/oss-security/2013/09/18/8",
            "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
            "http://www.openwall.com/lists/oss-security/2013/09/14/3",
            "http://www.openwall.com/lists/oss-security/2013/09/20/1",
            "https://puppet.com/security/cve/cve-2013-4363"
          ],
          "uuid": "a2a19f5d-a120-4643-90b9-8f4618c2211e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4363"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
            },
            {
              "name": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
            },
            {
              "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
            },
            {
              "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-4363",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://puppet.com/security/cve/cve-2013-4363"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-12-09T02:29Z",
      "publishedDate": "2013-10-17T23:55Z"
    }
  }
}

FKIE_CVE-2013-4363

Vulnerability from fkie_nvd - Published: 2013-10-17 23:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
secalert@redhat.com	https://puppet.com/security/cve/cve-2013-4363
af854a3a-2127-422b-91ae-364da2661108	http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
af854a3a-2127-422b-91ae-364da2661108	https://puppet.com/security/cve/cve-2013-4363

Impacted products

Vendor	Product	Version
rubygems	rubygems	*
rubygems	rubygems	1.8.0
rubygems	rubygems	1.8.1
rubygems	rubygems	1.8.2
rubygems	rubygems	1.8.3
rubygems	rubygems	1.8.4
rubygems	rubygems	1.8.5
rubygems	rubygems	1.8.6
rubygems	rubygems	1.8.7
rubygems	rubygems	1.8.8
rubygems	rubygems	1.8.9
rubygems	rubygems	1.8.10
rubygems	rubygems	1.8.11
rubygems	rubygems	1.8.12
rubygems	rubygems	1.8.13
rubygems	rubygems	1.8.14
rubygems	rubygems	1.8.15
rubygems	rubygems	1.8.16
rubygems	rubygems	1.8.17
rubygems	rubygems	1.8.18
rubygems	rubygems	1.8.19
rubygems	rubygems	1.8.20
rubygems	rubygems	1.8.21
rubygems	rubygems	1.8.22
rubygems	rubygems	1.8.24
rubygems	rubygems	1.8.25
rubygems	rubygems	1.8.26
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.1
rubygems	rubygems	2.0.2
rubygems	rubygems	2.0.3
rubygems	rubygems	2.0.4
rubygems	rubygems	2.0.5
rubygems	rubygems	2.0.6
rubygems	rubygems	2.0.7
rubygems	rubygems	2.0.8
rubygems	rubygems	2.0.9
rubygems	rubygems	2.1.0
rubygems	rubygems	2.1.0
rubygems	rubygems	2.1.0
rubygems	rubygems	2.1.1
rubygems	rubygems	2.1.2
rubygems	rubygems	2.1.3
rubygems	rubygems	2.1.4
ruby-lang	ruby	1.9
ruby-lang	ruby	1.9.1
ruby-lang	ruby	1.9.2
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	2.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD0BCCE-898F-4859-A1D8-5D15894BA539",
              "versionEndIncluding": "1.8.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6A915B-43FF-4FFA-98FA-968403825D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "767790C2-2C72-45C0-A4EF-F21EAAAD1698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBAB2571-F73A-4843-A494-1D10A214862D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57847827-F148-42C9-9180-3D5482249CB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "323AC584-E261-445D-9C84-DA34DFDE2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A563E3D-2D87-4712-8C90-067ABB9D6810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B540D22-0BDC-4727-B11E-9667F6E188BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "741E979F-6AD5-4C15-8541-5D5F659E5ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C93DD3-19B4-431D-A7BD-E86F90F91745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2C407B-2C0F-4C46-9F5B-6C63CC887941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7865522C-C5D0-4D4B-B090-7B756B36DF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "95AE74A8-4A90-4372-8B88-81FF7E6E578B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6BED14-99EA-4F87-95BB-078D2CEED349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC8340E-D33E-4DB6-A08B-E56EA035C133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E7E929-1144-438A-A55D-0B5CE6886C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EB522C-6EA5-4CF5-B610-CB9414DD4815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3220D1-DEFF-46A6-95B3-A40838D4E294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DA4D9E-B822-4254-856C-3176A948D718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "03AC5DA5-AD7F-4C7F-8437-568B7AAAEB17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B549DE72-CB99-4E37-9B0A-CDDBF1AC7B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA0773B-1409-4407-AF8C-ED4212FE8DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D53F5C8-B881-46ED-8041-26C0B736C9F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D82506-3FB5-41BA-8704-CC324C0B0DB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "28EF4773-AA97-4209-951F-942286A92413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*",
              "matchCriteriaId": "2A3D3005-679A-4761-AC38-CAE1C1CB20AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*",
              "matchCriteriaId": "344FF6A4-8041-4652-A0EA-F18BB0FCFB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E6CC620F-8E83-4256-9872-CCCDF5A4ED35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F22B79F6-5CA1-4E5C-9223-345A39EDD507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "260A155C-ED09-44E7-8279-5B94A4AC8CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E0506F-F2E6-45A2-B637-576C341A71B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EC4513-B653-438A-A1E4-406D055FC160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5FDF363-24FA-45D2-879B-B1CF9B667AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A81F55-2B6B-467C-9281-AA11ED31220F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8143D88-890D-4C87-9120-46B33D7D63C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5608F5-AC8A-4368-9323-A2CC09F18AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ACEEB4D-D21D-4D89-881A-9FC33121F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3D1495-E577-492F-ADE1-B8E8FB7F241A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B50C72-C84A-4B4B-9E62-EB78E50DD19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EBB4E82A-B1A2-4B35-B961-830FE00F1F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CCAD8F26-21A8-42D8-8B12-487F59EB10CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "360BB3DB-FC9E-4791-AF2F-D331267E1603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FE3A27-39D4-4D73-9E04-81AB02736435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3FFBBD-D379-4C00-B8B7-2B21B7E8C6C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5987FA3A-4C1B-45DC-909A-2B475917CC32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9237145-35F8-4E05-B730-77C0F386E5B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C78BB1D8-0505-484D-B824-1AA219F8B247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5178D04D-1C29-4353-8987-559AA07443EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0535DC9-EB0E-4745-80AC-4A020DF26E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*",
              "matchCriteriaId": "94F5AA37-B466-4E2E-B217-5119BADDD87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0F0F5-4022-4837-9B40-4B1127732CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*",
              "matchCriteriaId": "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*",
              "matchCriteriaId": "B7927D40-2A3A-43AD-99F6-CE61882A1FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*",
              "matchCriteriaId": "AA406EC6-6CA5-40A6-A879-AA8940CBEF07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*",
              "matchCriteriaId": "1D041884-3921-4466-9A48-F644FDDA9D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*",
              "matchCriteriaId": "397A2EA7-6F83-427B-8578-3794EBF04849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*",
              "matchCriteriaId": "298A5681-F756-4952-A9F8-E4C76736DF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*",
              "matchCriteriaId": "BC5A12F7-47E2-4AC7-A41B-F4B01319002D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*",
              "matchCriteriaId": "D2423B85-0971-42AC-8B64-819008BC5778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*",
              "matchCriteriaId": "1C663278-3B2A-4B7C-959A-2AA804467F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*",
              "matchCriteriaId": "B7927149-A76A-48BC-8405-7375FC7D7486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "CB116A84-1652-4F5D-98AC-81F0349EEDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "259C21E7-6084-4710-9BB3-C232942A451E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "285A3431-BDFE-40C5-92CD-B18217757C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D66B32CB-AC49-4A1C-85ED-6389F27CB319",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la complejidad algor\u00edtmica en Gem :: Versi\u00f3n :: ANCHORED_VERSION_PATTERN en lib / rubygems / version.rb en RubyGems anterior a 1.8.23.2, 1.8.24 hasta 1.8.26, 2.0.x anterior a 2.0.10, 2.1.5 y 2.1.x anterior a , como se usa en Ruby 1.9.0 hasta 2.0.0p247, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una versi\u00f3n gem manipulada que provoca una gran cantidad de retroceso en una expresi\u00f3n regular. NOTA: este problema se debe a una correcci\u00f3n incompleta de CVE-2013-4287."
    }
  ],
  "id": "CVE-2013-4363",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-17T23:55:04.440",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://puppet.com/security/cve/cve-2013-4363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://puppet.com/security/cve/cve-2013-4363"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-4363 (GCVE-0-2013-4363)

CERTFR-2014-AVI-112

Solution

CERTA-2013-AVI-687

Solution

GHSA-9QVM-2VHF-Q649

GSD-2013-4363

FKIE_CVE-2013-4363

Tags

Sightings

Nomenclature