[RUBYSEC:RUBYGEMS-UPDATE-2013-4287] CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability

Severity Medium
Affected Packages 1
Fixed Packages 4
CVEs 1

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN
in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x
before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows
remote attackers to cause a denial of service (CPU consumption) via a crafted gem
version that triggers a large amount of backtracking in a regular expression.

Package Affected Version
pkg:gem/rubygems-update < 2.1.0
ID
RUBYSEC:RUBYGEMS-UPDATE-2013-4287
Severity
medium
URL
http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html
Published
2013-09-09T00:00:00
Modified
2023-05-15T17:49:04
Rights
RubySec Security Team
Other Advisories
Source # ID Name URL
Security Advisory GHSA-9j7m-rjqx-48vh https://github.com/advisories/GHSA-9j7m-rjqx-48vh
Type      Package URL               Name / Product    Version
Fixed     pkg:gem/rubygems-update   rubygems-update   = 1.8.23.1
Fixed     pkg:gem/rubygems-update   rubygems-update   = 1.8.26
Fixed     pkg:gem/rubygems-update   rubygems-update   = 2.0.8
Fixed     pkg:gem/rubygems-update   rubygems-update   >= 2.1.0
Affected  pkg:gem/rubygems-update   rubygems-update   < 2.1.0
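The description above says the cost of the version regex grows with a crafted input; the table lists the affected window and the exact fixed releases. The following Ruby is an added example, not code from the advisory or from RubyGems: it bounds the length of a version string before the parser's regex sees it (the assumed cap MAX_VERSION_LENGTH is ours), and reports whether a rubygems-update version falls inside the advisory's affected set.

```ruby
# Added example (not part of the advisory or RubyGems): defensive version
# handling for CVE-2013-4287. Input length is checked before the string ever
# reaches Gem::Version's regex, which bounds the backtracking work it can do.
require "rubygems"

# Fixed releases and affected window, copied from the advisory's table.
FIXED_EXACT = %w[1.8.23.1 1.8.26 2.0.8].map { |v| Gem::Version.new(v) }.freeze
AFFECTED_BELOW = Gem::Version.new("2.1.0")

# Assumed limit: no legitimate gem version comes anywhere near this length,
# so rejecting longer strings caps regex cost without rejecting real input.
MAX_VERSION_LENGTH = 64

# Returns a Gem::Version, or nil when the string is too long or is not a
# syntactically valid version. The length check comes first on purpose:
# never hand unbounded, untrusted text to a regex whose cost depends on it.
def parse_version(str)
  return nil unless str.is_a?(String) && str.length <= MAX_VERSION_LENGTH
  return nil unless Gem::Version.correct?(str)
  Gem::Version.new(str)
end

# True when the given rubygems-update version is inside the advisory's
# affected window (< 2.1.0) and is not one of the exact fixed releases.
# Unparseable or over-long strings are reported as not affected; callers
# should treat a nil from parse_version as invalid input, not as safe.
def affected?(str)
  v = parse_version(str)
  return false if v.nil?
  v < AFFECTED_BELOW && !FIXED_EXACT.include?(v)
end

if __FILE__ == $0
  %w[1.8.23 1.8.23.1 1.8.25 1.8.26 2.0.7 2.0.8 2.1.0 2.4.0].each do |s|
    puts "#{s}: #{affected?(s) ? 'affected' : 'not affected'}"
  end
end
```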