6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.045 Low
EPSS
Percentile
92.5%
CentOS Errata and Security Advisory CESA-2013:1764
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.
A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)
All ruby users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2013-November/027394.html
Affected packages:
ruby
ruby-devel
ruby-docs
ruby-irb
ruby-libs
ruby-rdoc
ruby-ri
ruby-static
ruby-tcltk
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1764
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | ruby | < 1.8.7.352-13.el6 | ruby-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-devel | < 1.8.7.352-13.el6 | ruby-devel-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-docs | < 1.8.7.352-13.el6 | ruby-docs-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-irb | < 1.8.7.352-13.el6 | ruby-irb-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-libs | < 1.8.7.352-13.el6 | ruby-libs-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-rdoc | < 1.8.7.352-13.el6 | ruby-rdoc-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-ri | < 1.8.7.352-13.el6 | ruby-ri-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-static | < 1.8.7.352-13.el6 | ruby-static-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | i686 | ruby-tcltk | < 1.8.7.352-13.el6 | ruby-tcltk-1.8.7.352-13.el6.i686.rpm |
CentOS | 6 | x86_64 | ruby | < 1.8.7.352-13.el6 | ruby-1.8.7.352-13.el6.x86_64.rpm |