CVE-2013-4164

CVSS v2.0 6.8 (Medium)
EPSS 4.54% (93rd percentile)
Affected Products 1
Advisories 13

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

Weaknesses: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-11-23 19:55:03 (10 years ago)
Updated Date: 2018-01-09 02:29:03 (6 years ago)

Affected Products


Configuration #1

  Product                     CPE23                                  From  Up To
  Ruby-lang Ruby 1.8          cpe:2.3:a:ruby-lang:ruby:1.8
  Ruby-lang Ruby 1.9          cpe:2.3:a:ruby-lang:ruby:1.9
  Ruby-lang Ruby 1.9.1        cpe:2.3:a:ruby-lang:ruby:1.9.1
  Ruby-lang Ruby 1.9.2        cpe:2.3:a:ruby-lang:ruby:1.9.2
  Ruby-lang Ruby 1.9.3        cpe:2.3:a:ruby-lang:ruby:1.9.3
  Ruby-lang Ruby 2.0.0        cpe:2.3:a:ruby-lang:ruby:2.0.0
  Ruby-lang Ruby 2.1 Preview1 cpe:2.3:a:ruby-lang:ruby:2.1:preview1