CVE-2013-4164
Last modified
CVE-2013-4164 is a vulnerability of currently unknown severity. Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.. EPSS estimates a 34.97% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ruby-Lang | Ruby | 1.8 | — |
| Ruby-Lang | Ruby | 1.9 | — |
| Ruby-Lang | Ruby | 1.9.1 | — |
| Ruby-Lang | Ruby | 1.9.2 | — |
| Ruby-Lang | Ruby | 1.9.3 | — |
| Ruby-Lang | Ruby | 2.0.0 | — |
| Ruby-Lang | Ruby | 2.1 | Preview1 |
References
- http://secunia.com/advisories/55787Vendor Advisory
- http://secunia.com/advisories/55787Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-4164?
How severe is CVE-2013-4164?
How do I fix CVE-2013-4164?
Are you affected by CVE-2013-4164?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST