ID CVE-2013-4287
Summary Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3a:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.3a:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.3b:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.3b:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.8.40.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.8.40.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.23:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.23:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1002364
    title CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability
    oval
    AND
    • comment rubygems is earlier than 0:1.3.7-4.el6_4
      oval oval:com.redhat.rhsa:tst:20131441005
    • comment rubygems is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20131441006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    rhsa
    id RHSA-2013:1441
    released 2013-10-17
    severity Moderate
    title RHSA-2013:1441: rubygems security update (Moderate)
  • rhsa
    id RHSA-2013:1427
  • rhsa
    id RHSA-2013:1523
  • rhsa
    id RHSA-2013:1852
  • rhsa
    id RHSA-2014:0207
rpms rubygems-0:1.3.7-4.el6_4
refmap via4
confirm
mlist [oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
secunia 55381
Last major update 22-04-2019 - 17:48
Published 17-10-2013 - 23:55
Back to Top