Your submission was sent successfully! Close

CVE-2008-3443

Published: 14 August 2008

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

Priority

Medium

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
Upstream
Released (1.8.7.72-1)
ruby1.9
Launchpad, Ubuntu, Debian
Upstream Needed

Patches:
Vendor: http://svn.debian.org/wsvn/pkg-ruby/ruby1.9/trunk/debian/patches/308_regexp_segv.dpatch?op=file&rev=0&sc=0