1. Home
  2. Vulnerabilities
  3. CVE-2013-4287

CVE-2013-4287

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 1.83 % (89th)
1.83% Progress
Affected Products 3
Advisories 10
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

Weaknesses
CWE-310
Cryptographic Issues
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2013-10-17 23:55:04
(11 years ago)
Updated Date
2019-04-22 17:48:00
(5 years ago)

Affected Products

Redhat

Ruby-lang

Rubygems

Configuration #1

    CPE23 From Up To
  Redhat Enterprise Linux 6.0 cpe:2.3:o:redhat:enterprise_linux:6.0

Configuration #2

    CPE23 From Up To
  Rubygems 1.8.23 and prior versions cpe:2.3:a:rubygems:rubygems <= 1.8.23
  Rubygems 1.8.0 cpe:2.3:a:rubygems:rubygems:1.8.0
  Rubygems 1.8.1 cpe:2.3:a:rubygems:rubygems:1.8.1
  Rubygems 1.8.2 cpe:2.3:a:rubygems:rubygems:1.8.2
  Rubygems 1.8.3 cpe:2.3:a:rubygems:rubygems:1.8.3
  Rubygems 1.8.4 cpe:2.3:a:rubygems:rubygems:1.8.4
  Rubygems 1.8.5 cpe:2.3:a:rubygems:rubygems:1.8.5
  Rubygems 1.8.6 cpe:2.3:a:rubygems:rubygems:1.8.6
  Rubygems 1.8.7 cpe:2.3:a:rubygems:rubygems:1.8.7
  Rubygems 1.8.8 cpe:2.3:a:rubygems:rubygems:1.8.8
  Rubygems 1.8.9 cpe:2.3:a:rubygems:rubygems:1.8.9
  Rubygems 1.8.10 cpe:2.3:a:rubygems:rubygems:1.8.10
  Rubygems 1.8.11 cpe:2.3:a:rubygems:rubygems:1.8.11
  Rubygems 1.8.12 cpe:2.3:a:rubygems:rubygems:1.8.12
  Rubygems 1.8.13 cpe:2.3:a:rubygems:rubygems:1.8.13
  Rubygems 1.8.14 cpe:2.3:a:rubygems:rubygems:1.8.14
  Rubygems 1.8.15 cpe:2.3:a:rubygems:rubygems:1.8.15
  Rubygems 1.8.16 cpe:2.3:a:rubygems:rubygems:1.8.16
  Rubygems 1.8.17 cpe:2.3:a:rubygems:rubygems:1.8.17
  Rubygems 1.8.18 cpe:2.3:a:rubygems:rubygems:1.8.18
  Rubygems 1.8.19 cpe:2.3:a:rubygems:rubygems:1.8.19
  Rubygems 1.8.20 cpe:2.3:a:rubygems:rubygems:1.8.20
  Rubygems 1.8.21 cpe:2.3:a:rubygems:rubygems:1.8.21
  Rubygems 1.8.22 cpe:2.3:a:rubygems:rubygems:1.8.22
  Rubygems 1.8.24 cpe:2.3:a:rubygems:rubygems:1.8.24
  Rubygems 1.8.25 cpe:2.3:a:rubygems:rubygems:1.8.25
  Rubygems 2.0.0 cpe:2.3:a:rubygems:rubygems:2.0.0
  Rubygems 2.0.1 cpe:2.3:a:rubygems:rubygems:2.0.1
  Rubygems 2.0.2 cpe:2.3:a:rubygems:rubygems:2.0.2
  Rubygems 2.0.3 cpe:2.3:a:rubygems:rubygems:2.0.3
  Rubygems 2.0.4 cpe:2.3:a:rubygems:rubygems:2.0.4
  Rubygems 2.0.5 cpe:2.3:a:rubygems:rubygems:2.0.5
  Rubygems 2.0.6 cpe:2.3:a:rubygems:rubygems:2.0.6
  Rubygems 2.0.7 cpe:2.3:a:rubygems:rubygems:2.0.7
  Rubygems 2.1.0 Rc1 cpe:2.3:a:rubygems:rubygems:2.1.0:rc1
  Rubygems 2.1.0 Rc2 cpe:2.3:a:rubygems:rubygems:2.1.0:rc2

Configuration #3

    CPE23 From Up To
  Ruby-lang Ruby 1.9 cpe:2.3:a:ruby-lang:ruby:1.9
  Ruby-lang Ruby 1.9.1 cpe:2.3:a:ruby-lang:ruby:1.9.1
  Ruby-lang Ruby 1.9.2 cpe:2.3:a:ruby-lang:ruby:1.9.2
  Ruby-lang Ruby 1.9.3 cpe:2.3:a:ruby-lang:ruby:1.9.3
  Ruby-lang Ruby 1.9.3 P0 cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
  Ruby-lang Ruby 1.9.3 P125 cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
  Ruby-lang Ruby 1.9.3 P194 cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
  Ruby-lang Ruby 1.9.3 P286 cpe:2.3:a:ruby-lang:ruby:1.9.3:p286
  Ruby-lang Ruby 1.9.3 P383 cpe:2.3:a:ruby-lang:ruby:1.9.3:p383
  Ruby-lang Ruby 1.9.3 P385 cpe:2.3:a:ruby-lang:ruby:1.9.3:p385
  Ruby-lang Ruby 1.9.3 P392 cpe:2.3:a:ruby-lang:ruby:1.9.3:p392
  Ruby-lang Ruby 1.9.3 P426 cpe:2.3:a:ruby-lang:ruby:1.9.3:p426
  Ruby-lang Ruby 1.9.3 P429 cpe:2.3:a:ruby-lang:ruby:1.9.3:p429
  Ruby-lang Ruby 2.0 cpe:2.3:a:ruby-lang:ruby:2.0
  Ruby-lang Ruby 2.0.0 cpe:2.3:a:ruby-lang:ruby:2.0.0
  Ruby-lang Ruby 2.0.0 P0 cpe:2.3:a:ruby-lang:ruby:2.0.0:p0
  Ruby-lang Ruby 2.0.0 P195 cpe:2.3:a:ruby-lang:ruby:2.0.0:p195
  Ruby-lang Ruby 2.0.0 P247 cpe:2.3:a:ruby-lang:ruby:2.0.0:p247
  Ruby-lang Ruby 2.0.0 Preview1 cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1
  Ruby-lang Ruby 2.0.0 Preview2 cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2
  Ruby-lang Ruby 2.0.0 Rc1 cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
  Ruby-lang Ruby 2.0.0 Rc2 cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2