Lucene search
RubySecRUBY:RUBY-2013-4164-100113HistoryNov 22, 2013 - 12:00 a.m.
CVE-2013-4164 ruby: heap overflow in floating point parsing
2013-11-2200:00:00
RubySec
rubysec.com
9
0.045 Low
EPSS
Percentile
92.5%
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before
2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent
attackers to cause a denial of service (segmentation fault) and possibly execute
arbitrary code via a string that is converted to a floating point value, as demonstrated
using (1) the to_f method or (2) JSON.parse.
References
Related
nessus
nessus
openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)
2014-06-13 00:00:00
CentOS 6 : ruby (CESA-2013:1764)
2014-11-12 00:00:00
Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20131125)
2013-12-04 00:00:00
oraclelinux
oraclelinux
ruby security update
2013-11-26 00:00:00
mageia
mageia
Updated ruby package fixes security vulnerability
2014-01-06 05:02:29
cve
cve
CVE-2013-4164
2013-11-23 19:55:03
redhat
redhat
(RHSA-2013:1763) Critical: ruby193-ruby security update
2013-11-25 00:00:00
(RHSA-2013:1767) Critical: ruby security update
2013-11-26 00:00:00
(RHSA-2014:0011) Critical: ruby193-ruby security update
2014-01-07 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2013-1764)
2015-10-06 00:00:00
Debian: Security Advisory (DSA-2810-1)
2013-12-03 00:00:00
RedHat Update for ruby RHSA-2013:1764-01
2013-11-26 00:00:00
nvd
nvd
CVE-2013-4164
2013-11-23 19:55:03
freebsd
freebsd
ruby -- Heap Overflow in Floating Point Parsing
2013-11-22 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: ruby-2.0.0.353-16.fc20
2013-12-14 02:48:01
[SECURITY] Fedora 19 Update: ruby-2.0.0.353-16.fc19
2013-12-04 07:01:16
[SECURITY] Fedora 18 Update: ruby-1.9.3.484-32.fc18
2013-12-11 02:01:24
prion
prion
Heap overflow
2013-11-23 19:55:00
amazon
amazon
Critical: ruby19
2013-11-22 21:42:00
Critical: ruby
2013-11-22 21:42:00
debian
debian
[SECURITY] [DSA 2810-1] ruby1.9.1 security update
2013-12-04 22:29:52
[SECURITY] [DSA 2810-1] ruby1.9.1 security update
2013-12-04 22:29:52
[SECURITY] [DSA 2809-1] ruby1.8 security update
2013-12-04 21:28:11
f5
f5
K15152 : Ruby vulnerability CVE-2013-4164
2014-04-10 00:00:00
SOL15152 - Ruby vulnerability CVE-2013-4164
2014-04-10 00:00:00
cvelist
cvelist
CVE-2013-4164
2013-11-23 19:00:00
ubuntucve
ubuntucve
CVE-2013-4164
2013-11-22 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:52:12
Arbitrary Code Execution
2019-05-02 05:01:21
securityvulns
securityvulns
APPLE-SA-2014-15-20-1 OS X Server 3.1.2
2014-05-29 00:00:00
[USN-2035-1] Ruby vulnerabilities
2013-12-01 00:00:00
Ruby security vulnerabilities
2014-05-29 00:00:00
slackware
slackware
[slackware-security] ruby
2013-12-17 03:50:10
centos
centos
ruby security update
2013-11-26 13:37:12
suse
suse
Security update for ruby19 (critical)
2013-12-17 00:04:23
Security update for ruby (critical)
2013-12-05 18:04:15
ibm
ibm
ubuntu
ubuntu
Ruby vulnerabilities
2013-11-27 00:00:00
hackerone
hackerone
Ruby: Ruby: Heap Overflow in Floating Point Parsing
2013-11-22 00:00:00
osv
osv
ruby1.8 - several
2013-12-04 00:00:00
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00