[FREEBSD:EBD877B9-7EF4-4375-B1FD-C67780581898] ruby -- Hostname check bypassing vulnerability in SSL client

Severity Medium

Affected Packages 2

CVEs 1

Ruby Developers report:

  Ruby's SSL client implements hostname identity check but it does
     not properly handle hostnames in the certificate that contain null
     bytes.

Package	Affected Version
pkg:freebsd/ruby19	< 1.9.3.448,1
pkg:freebsd/ruby18	< 1.8.7.374,1

ID

FREEBSD:EBD877B9-7EF4-4375-B1FD-C67780581898

Severity

medium

Severity from

CVE-2013-4073

URL

http://vuxml.freebsd.org/freebsd/ebd877b9-7ef4-4375-b1fd-c67780581898.html

Published

2013-06-27T00:00:00
(11 years ago)

Modified

2013-07-11T00:00:00
(11 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/ruby19		ruby19	< 1.9.3.448,1
Affected	pkg:freebsd/ruby18		ruby18	< 1.8.7.374,1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date