Summary
Ruby is installed on the host and is prone to a denial-of-service vulnerability.
Impact
Attackers can exploit this issue to crash an application using this library.
Impact Level: Application
Solution
Upgrade to 1.8.6-p369 or 1.8.7-p174.
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
Insight
The flaw is due to an error in the BigDecimal standard library when converting BigDecimal objects into floating-point numbers, which leads to a segmentation fault.
Affected
Ruby 1.8.6 to 1.8.6-p368 and 1.8.7 to 1.8.7-p172 on Linux.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-1904
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P