Ruby REXML Parser Denial of Service Vulnerability
BID:58141
Info
| Bugtraq ID: | 58141 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2013-1821 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 22 2013 12:00AM |
| Updated: | Nov 03 2015 07:04PM |
| Credit: | Ben Murphy |
| Vulnerable: |
Yukihiro Matsumoto Ruby 1.9.3 dev
Yukihiro Matsumoto Ruby 1.9.2 RC2
Yukihiro Matsumoto Ruby 1.9.2 P180
Yukihiro Matsumoto Ruby 1.9.2 P136
Yukihiro Matsumoto Ruby 1.9.2 P0
Yukihiro Matsumoto Ruby 1.9.2 -rc1
Yukihiro Matsumoto Ruby 1.9.1 P431
Yukihiro Matsumoto Ruby 1.9.1 -p429
Yukihiro Matsumoto Ruby 1.9.1 -p376
Yukihiro Matsumoto Ruby 1.9.1
Yukihiro Matsumoto Ruby 1.9 -2
Yukihiro Matsumoto Ruby 1.9 -1
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.7 -p72
Yukihiro Matsumoto Ruby 1.8.7 -p71
Yukihiro Matsumoto Ruby 1.8.7 -p22
Yukihiro Matsumoto Ruby 1.8.7 -p21
Yukihiro Matsumoto Ruby 1.8.7
Yukihiro Matsumoto Ruby 1.8.6 -p287
Yukihiro Matsumoto Ruby 1.8.6 -p286
Yukihiro Matsumoto Ruby 1.8.6 -p230
Yukihiro Matsumoto Ruby 1.8.6 -p229
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.5 -p231
Yukihiro Matsumoto Ruby 1.8.5 -p230
Yukihiro Matsumoto Ruby 1.8.5 -p2
Yukihiro Matsumoto Ruby 1.8.5 -p115
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.4
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.2 pre4
Yukihiro Matsumoto Ruby 1.8.2 pre3
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre1
Yukihiro Matsumoto Ruby 1.8.2
Yukihiro Matsumoto Ruby 1.8.1
Yukihiro Matsumoto Ruby 1.8
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto Ruby 1.6.7
Yukihiro Matsumoto Ruby 1.6
Yukihiro Matsumoto Ruby 1.9.2 pre3
Yukihiro Matsumoto Ruby 1.9.1-p430
Yukihiro Matsumoto Ruby 1.9.1-p378
Yukihiro Matsumoto Ruby 1.9.0-3
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.7-P357
Yukihiro Matsumoto Ruby 1.8.7-P352
Yukihiro Matsumoto Ruby 1.8.7-p334
Yukihiro Matsumoto Ruby 1.8.7-p330
Yukihiro Matsumoto Ruby 1.8.7-p302
Yukihiro Matsumoto Ruby 1.8.7-p299
Yukihiro Matsumoto Ruby 1.8.7-p249
Yukihiro Matsumoto Ruby 1.8.7-p248
Yukihiro Matsumoto Ruby 1.8.7-p173
Yukihiro Matsumoto Ruby 1.8.7-p160
Yukihiro Matsumoto Ruby 1.8.6-p420
Yukihiro Matsumoto Ruby 1.8.6-p399
Yukihiro Matsumoto Ruby 1.8.6-p388
Yukihiro Matsumoto Ruby 1.8.6-p383
Yukihiro Matsumoto Ruby 1.8.6-p369
Yukihiro Matsumoto Ruby 1.8.6-p368
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Slackware Linux x86_64 -current
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux -current
RedHat Enterprise Linux Desktop Workstation 5 client
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6
CentOS CentOS 5 |
| Not Vulnerable: | |
Discussion
Ruby is prone to a denial-of-service vulnerability.
Successful exploits will allow attackers to consume large amounts of memory and cause a crash through a specially crafted XML document.
Versions prior to Ruby 1.9.3-p392 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.