Summary
The host is installed with Ruby and is prone to a denial of service vulnerability.
Impact
Attackers can exploit this issue to crash an application that uses the BigDecimal library.
Impact Level: Application
Solution
Upgrade to Ruby 1.8.6-p369 or 1.8.7-p174.
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
Insight
The flaw is due to an error in the BigDecimal standard library when converting BigDecimal objects into floating point numbers, which leads to a segmentation fault.
Affected
Ruby 1.8.6 through 1.8.6-p368 and 1.8.7 through 1.8.7-p172 on Linux.
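The following is an added example for this entry; it is not code from ruby-lang.org or from the scanner that produced this record. It turns the version ranges listed above (fixed in 1.8.6-p369 and 1.8.7-p174) into a check that can be run on a host, either against the running interpreter or against the banner printed by `ruby -v` collected from a remote system. The banner strings embedded below are constructed samples, not real scan output.

```ruby
# Patchlevel that fixed the BigDecimal crash for each affected minor release,
# taken from the advisory's Solution section.
FIXED_PATCHLEVEL = {
  "1.8.6" => 369,
  "1.8.7" => 174,
}.freeze

# True when the version/patchlevel pair is inside the affected range.
# Versions other than 1.8.6 and 1.8.7 are not covered by this advisory and
# return false. A patchlevel of -1 (what Ruby reports for a development
# build) sorts below every release patchlevel and is therefore treated as
# affected, which is the conservative choice for a scanner.
def bigdecimal_dos_affected?(version, patchlevel)
  fixed = FIXED_PATCHLEVEL[version]
  return false if fixed.nil?
  patchlevel.to_i < fixed
end

# Parses a `ruby -v` banner in either of the two historical formats:
#   ruby 1.8.7 (2008-08-11 patchlevel 72) [i486-linux]
#   ruby 1.9.1p129 (2009-05-12 revision 23412) [x86_64-linux]
# and returns [version, patchlevel], or nil if the line is not a Ruby banner.
def parse_ruby_banner(banner)
  m = banner.match(/\Aruby (\d+\.\d+\.\d+)(?:p(-?\d+))? \((?:.*?patchlevel (-?\d+))?/)
  return nil unless m
  patchlevel = m[2] || m[3]
  return nil unless patchlevel
  [m[1], patchlevel.to_i]
end

# Classifies a banner string directly; unparseable input is reported as
# not affected, so callers should log nil parses separately if they care.
def banner_affected?(banner)
  parsed = parse_ruby_banner(banner)
  return false if parsed.nil?
  bigdecimal_dos_affected?(*parsed)
end

# Checks the interpreter executing this script.
def running_ruby_affected?
  bigdecimal_dos_affected?(RUBY_VERSION, RUBY_PATCHLEVEL)
end

# Constructed sample banners (not real scan output) covering the boundaries
# of the affected range and a release outside this advisory's scope.
SAMPLE_BANNERS = [
  "ruby 1.8.6 (2008-08-11 patchlevel 287) [i686-linux]",        # affected
  "ruby 1.8.6 (2009-06-08 patchlevel 369) [i686-linux]",        # fixed
  "ruby 1.8.7 (2009-04-08 patchlevel 160) [x86_64-linux]",      # affected
  "ruby 1.8.7 (2009-06-08 patchlevel 174) [x86_64-linux]",      # fixed
  "ruby 1.9.1p129 (2009-05-12 revision 23412) [x86_64-linux]",  # not covered
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_BANNERS.each do |b|
    puts "#{banner_affected?(b) ? 'AFFECTED' : 'ok      '}  #{b}"
  end
  state = running_ruby_affected? ? "AFFECTED" : "not affected by CVE-2009-1904"
  puts "running interpreter #{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}: #{state}"
end
```

The check keys on the exact minor version, so a 1.8.8 or 1.9.x build is reported as outside this advisory rather than as fixed; that matches the Affected section, which only names 1.8.6 and 1.8.7.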
References
Updated on 2015-03-25
Severity
Classification
-
CVE: CVE-2009-1904
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Adobe Flash Media Server Remote Denial of Service Vulnerability (August-2011)
- AyeView GIF Image Handling Denial of Service Vulnerability
- Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
- CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
- Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)