
CVE-2009-1904

Published: 11 June 2009

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Notes

Author: mdeslaur
PoC here: http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master
PoC here: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
best PoC here: http://redmine.ruby-lang.org/issues/show/794
backporting patch may introduce regression, see RH bug
Priority

Medium

Status

Package Release Status

ruby1.8 (Launchpad, Ubuntu, Debian)
dapper: Released (1.8.4-1ubuntu1.7)
hardy: Released (1.8.6.111-2ubuntu1.3)
intrepid: Released (1.8.7.72-1ubuntu0.2)
jaunty: Released (1.8.7.72-3ubuntu0.1)
karmic: Not vulnerable (1.8.7.174-1)
lucid: Not vulnerable (1.8.7.174-1)
maverick: Not vulnerable (1.8.7.174-1)
natty: Not vulnerable (1.8.7.174-1)
oneiric: Not vulnerable (1.8.7.174-1)
upstream: Released (1.8.7.173-1)
Patches:
upstream: http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master (workaround?)
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=23652 (1.8.6)
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=23645 (1.8.7)
upstream: http://github.com/rubyspec/rubyspec/commit/95c0abbe07bf350f83d2454eb080b0bd315d59d4 (test)
upstream: http://github.com/rubyspec/rubyspec/commit/0fb6052d48eeb72c6f2d2239bba999038cad3d69 (test)

ruby1.9 (Launchpad, Ubuntu, Debian)
dapper: Ignored (reached end-of-life)
hardy: Ignored (reached end-of-life)
intrepid: Released (1.9.0.2-7ubuntu1.2)
jaunty: Released (1.9.0.2-9ubuntu1.1)
karmic: Released (1.9.0.5-1ubuntu1.2)
lucid: Released (1.9.0.5-1ubuntu2)
maverick: Does not exist (pulled 2010-07-27)
natty: Does not exist (pulled 2010-07-27)
oneiric: Does not exist (pulled 2010-07-27)
upstream: Needs triage
Patches:
upstream: http://redmine.ruby-lang.org/repositories/revision/ruby-19?rev=20359
upstream: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=20359