Search CVE reports
51 – 57 of 57 results
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
7 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
| ruby2.2 | — | — | — | — |
| ruby2.3 | — | — | — | — |
Some fixes available 7 of 12
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault)...
5 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
4 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature...
4 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
Some fixes available 10 of 14
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault)...
4 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
Some fixes available 4 of 6
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
3 affected packages
ruby1.8, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
Some fixes available 1 of 5
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
6 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
| ruby2.2 | — | — | — | — |
| ruby2.3 | — | — | — | — |