Lucene search

[email protected]NVD:CVE-2013-4287

HistoryOct 17, 2013 - 11:55 p.m.

CVE-2013-4287

2013-10-1723:55:04

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

High

EPSS

0.018

Percentile

88.3%

JSON

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch6.0

Node

rubygemsrubygemsRange≤1.8.23

rubygemsrubygemsMatch1.8.0

rubygemsrubygemsMatch1.8.1

rubygemsrubygemsMatch1.8.2

rubygemsrubygemsMatch1.8.3

rubygemsrubygemsMatch1.8.4

rubygemsrubygemsMatch1.8.5

rubygemsrubygemsMatch1.8.6

rubygemsrubygemsMatch1.8.7

rubygemsrubygemsMatch1.8.8

rubygemsrubygemsMatch1.8.9

rubygemsrubygemsMatch1.8.10

rubygemsrubygemsMatch1.8.11

rubygemsrubygemsMatch1.8.12

rubygemsrubygemsMatch1.8.13

rubygemsrubygemsMatch1.8.14

rubygemsrubygemsMatch1.8.15

rubygemsrubygemsMatch1.8.16

rubygemsrubygemsMatch1.8.17

rubygemsrubygemsMatch1.8.18

rubygemsrubygemsMatch1.8.19

rubygemsrubygemsMatch1.8.20

rubygemsrubygemsMatch1.8.21

rubygemsrubygemsMatch1.8.22

rubygemsrubygemsMatch1.8.24

rubygemsrubygemsMatch1.8.25

rubygemsrubygemsMatch2.0.0

rubygemsrubygemsMatch2.0.1

rubygemsrubygemsMatch2.0.2

rubygemsrubygemsMatch2.0.3

rubygemsrubygemsMatch2.0.4

rubygemsrubygemsMatch2.0.5

rubygemsrubygemsMatch2.0.6

rubygemsrubygemsMatch2.0.7

rubygemsrubygemsMatch2.1.0rc1

rubygemsrubygemsMatch2.1.0rc2

Node

ruby-langrubyMatch1.9

ruby-langrubyMatch1.9.1

ruby-langrubyMatch1.9.2

ruby-langrubyMatch1.9.3

ruby-langrubyMatch1.9.3p0

ruby-langrubyMatch1.9.3p125

ruby-langrubyMatch1.9.3p194

ruby-langrubyMatch1.9.3p286

ruby-langrubyMatch1.9.3p383

ruby-langrubyMatch1.9.3p385

ruby-langrubyMatch1.9.3p392

ruby-langrubyMatch1.9.3p426

ruby-langrubyMatch1.9.3p429

ruby-langrubyMatch2.0

ruby-langrubyMatch2.0.0

ruby-langrubyMatch2.0.0p0

ruby-langrubyMatch2.0.0p195

ruby-langrubyMatch2.0.0p247

ruby-langrubyMatch2.0.0preview1

ruby-langrubyMatch2.0.0preview2

ruby-langrubyMatch2.0.0rc1

ruby-langrubyMatch2.0.0rc2

VendorProductVersionCPE
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
rubygemsrubygems*cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*
rubygemsrubygems1.8.0cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
rubygemsrubygems1.8.1cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
rubygemsrubygems1.8.2cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
rubygemsrubygems1.8.3cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
rubygemsrubygems1.8.4cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
rubygemsrubygems1.8.5cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
rubygemsrubygems1.8.6cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
rubygemsrubygems1.8.7cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
rubygems	rubygems	*	cpe:2.3:a:rubygems:rubygems::::::::
rubygems	rubygems	1.8.0	cpe:2.3:a:rubygems:rubygems:1.8.0:::::::*
rubygems	rubygems	1.8.1	cpe:2.3:a:rubygems:rubygems:1.8.1:::::::*
rubygems	rubygems	1.8.2	cpe:2.3:a:rubygems:rubygems:1.8.2:::::::*
rubygems	rubygems	1.8.3	cpe:2.3:a:rubygems:rubygems:1.8.3:::::::*
rubygems	rubygems	1.8.4	cpe:2.3:a:rubygems:rubygems:1.8.4:::::::*
rubygems	rubygems	1.8.5	cpe:2.3:a:rubygems:rubygems:1.8.5:::::::*
rubygems	rubygems	1.8.6	cpe:2.3:a:rubygems:rubygems:1.8.6:::::::*
rubygems	rubygems	1.8.7	cpe:2.3:a:rubygems:rubygems:1.8.7:::::::*