Your submission was sent successfully! Close

CVE-2014-6438

Published: 06 September 2017

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
ruby1.8
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

ruby1.9
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

ruby1.9.1
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.2-p330)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1.9.2 only])
ruby2.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1.9.2 only])
ruby2.1
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(1.9.2 only)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

ruby2.2
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(1.9.2 only)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

ruby2.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(1.9.2 only)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1.9.2 only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist