Ruby BigDecimal Library Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with Ruby and is prone to denial of service vulnerability.

Impact

Attackers can exploit this issue to crash an application using this library. Impact Level: Application

Solution

Upgrade to 1.8.6-p369 or 1.8.7-p174. http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/

Insight

The flaw is due to an error within the BigDecimal standard library when trying to convert BigDecimal objects into floating point numbers which leads to segmentation fault.

Affected

Ruby 1.8.6 to 1.8.6-p368 and 1.8.7 to 1.8.7-p172 on Linux.

References

http://secunia.com/advisories/34135
http://www.opera.com/docs/changelogs/linux/964

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1904
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Denial Of Service Vulnerability in PHP April-09
F-PROT Antivirus Multiple Vulnerabilities
Compaq Web SSI DoS
ClamAV 'parseicon()' Denial Of Service Vulnerability
FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities

Ruby BigDecimal Library Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities