FreeBSD62E0FBE5-5798-11DE-BB78-001CC0377035ruby -- BigDecimal denial of service vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
90.2%
The official ruby site reports:
A denial of service (DoS) vulnerability was found on the
BigDecimal standard library of Ruby. Conversion from BigDecimal
objects into Float numbers had a problem which enables attackers
to effectively cause segmentation faults.
An attacker can cause a denial of service by causing BigDecimal
to parse an insanely large number, such as:
BigDecimal(β9E69999999β).to_s(βFβ)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | ruby | =Β 1.8.*,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby | <Β 1.8.7.160_1,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby+pthreads | =Β 1.8.*,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby+pthreads | <Β 1.8.7.160_1,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby+pthreads+oniguruma | =Β 1.8.*,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby+pthreads+oniguruma | <Β 1.8.7.160_1,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby+oniguruma | =Β 1.8.*,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby+oniguruma | <Β 1.8.7.160_1,1 | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
90.2%