CVE-2013-4389

2013-10-1700:55:03

CWE-134

redhat

web.nvd.nist.gov

cve

2013

4389

format string vulnerability

log subscriber

action mailer

ruby on rails

denial of service

email address

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.013

Percentile

85.6%

JSON

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.

Affected configurations

Nvd

Node

rubyonrailsrailsRange3.0.0–3.2.15

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

debiandebian_linuxMatch7.0

VendorProductVersionCPE
rubyonrailsrails*cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
opensuseopensuse12.3cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rubyonrails	rails	*	cpe:2.3:a:rubyonrails:rails::::::::
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
opensuse	opensuse	12.3	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*