Ruby Interpreter Heap Overflow Vulnerability Nov13 (Windows) Network Vulnerability

Summary

The host is installed with Ruby Interpreter and is prone to Heap Overflow Vulnerability.

Impact

Successful exploitation will allow remote attacker to cause denial of service or potentially the execution of arbitrary code. Impact Level: System/Application.

Solution

Upgrade to version 1.9.3 patchlevel 484, 2.0.0 patchlevel 353,or later. For updates refer to http://www.ruby-lang.org

Insight

The flaw is due to improper sanitization while processing user supplied input data during conversion of strings to floating point values.

Affected

Ruby Interpreter version 1.8, 1.9 before 1.9.3 Patchlevel 484, 2.0 before 2.0.0 Patchlevel 353.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/100113
http://secunia.com/advisories/55787
http://xforce.iss.net/xforce/xfdb/89191

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4164
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
Apple Remote Desktop Information Disclosure Vulnerability
Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
Apache Tomcat Multiple Vulnerabilities - 03 Mar14

Take action and discover your vulnerabilities