Vulnerabilidad en regex.c en Ruby 1.8.5 y anteriores, p286-1.8.6, 1.8.7-p71 y 1.9-r18423 (CVE-2008-3443)
Gravedad CVSS v2.0:
MEDIA
Tipo:
CWE-399
Error en la gestión de recursos
Fecha de publicación:
14/08/2008
Última modificación:
09/04/2025
Descripción
El motor de expresiones regulares (regex.c) en Ruby 1.8.5 y anteriores, 1.8.6 a través de p286-1.8.6, 1.8.7 a través de 1.8.7-p71, y 1.9 a través de r18423 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y caida) a través de múltiples peticiones largas a un socket de Ruby. Esta denegación de servicio esta relacionada con un fallo en la asignación de memoria, como se ha demostrado contra Webrick.
Impacto
Puntuación base 2.0
5.00
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:* | ||
| cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/31430
- http://secunia.com/advisories/32165
- http://secunia.com/advisories/32219
- http://secunia.com/advisories/32371
- http://secunia.com/advisories/32372
- http://secunia.com/advisories/33185
- http://secunia.com/advisories/33398
- http://secunia.com/advisories/35074
- http://securityreason.com/securityalert/4158
- http://support.apple.com/kb/HT3549
- http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
- http://www.debian.org/security/2009/dsa-1695
- http://www.redhat.com/support/errata/RHSA-2008-0895.html
- http://www.redhat.com/support/errata/RHSA-2008-0897.html
- http://www.securityfocus.com/bid/30682
- http://www.securitytracker.com/id?1021075=
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44688
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570
- https://usn.ubuntu.com/651-1/
- https://usn.ubuntu.com/691-1/
- https://www.exploit-db.com/exploits/6239
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/31430
- http://secunia.com/advisories/32165
- http://secunia.com/advisories/32219
- http://secunia.com/advisories/32371
- http://secunia.com/advisories/32372
- http://secunia.com/advisories/33185
- http://secunia.com/advisories/33398
- http://secunia.com/advisories/35074
- http://securityreason.com/securityalert/4158
- http://support.apple.com/kb/HT3549
- http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
- http://www.debian.org/security/2009/dsa-1695
- http://www.redhat.com/support/errata/RHSA-2008-0895.html
- http://www.redhat.com/support/errata/RHSA-2008-0897.html
- http://www.securityfocus.com/bid/30682
- http://www.securitytracker.com/id?1021075=
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44688
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570
- https://usn.ubuntu.com/651-1/
- https://usn.ubuntu.com/691-1/
- https://www.exploit-db.com/exploits/6239
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html