WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby Numeric Errors Vulnerability (CVE-2009-1904)

Description

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2024-20995 Vulnerability (CVE-2024-20995)

Resin Application Server Other Vulnerability (CVE-2012-2966)

Nginx Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0337)

WordPress Plugin ForumConverter SQL Injection (1.11)

WordPress Plugin The Events Calendar Countdown Addon Security Bypass (1.3.1)

Severity

Medium

Classification

CVE-2009-1904

Tags

Missing Update Known Vulnerabilities