← Back

CVE-2008-3443

nvd nist
Published: Aug 14, 2008Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

Affected (51)

Products: Ruby Lang: Ruby
Ruby Lang
1 product
Ruby
Configuration A
51 vulnerable
Vulnerable SoftwareAffected Versions
Ruby Lang
Ruby
Version 1.6.8
Ruby
Version 1.8.0
Ruby
Version 1.8.1
Ruby
Version 1.8.1 -9
Ruby
Version 1.8.2
Ruby
Version 1.8.2 preview2
Ruby
Version 1.8.2 preview3
Ruby
Version 1.8.2 preview4
Ruby
Version 1.8.3
Ruby
Version 1.8.3 preview1
Ruby
Version 1.8.3 preview2
Ruby
Version 1.8.3 preview3
Ruby
Version 1.8.4
Ruby
Version 1.8.4 preview1
Ruby
Version 1.8.4 preview2
Ruby
Version 1.8.4 preview3
Ruby
Version 1.8.5
Ruby
Version 1.8.5 p113
Ruby
Version 1.8.5 p114
Ruby
Version 1.8.5 p115
Ruby
Version 1.8.5 p11
Ruby
Version 1.8.5 p12
Ruby
Version 1.8.5 p231
Ruby
Version 1.8.5 p2
Ruby
Version 1.8.5 p35
Ruby
Version 1.8.5 p52
Ruby
Version 1.8.5 preview1
Ruby
Version 1.8.5 preview2
Ruby
Version 1.8.5 preview3
Ruby
Version 1.8.5 preview4
Ruby
Version 1.8.5 preview5
Ruby
Version 1.8.6
Ruby
Version 1.8.6 p110
Ruby
Version 1.8.6 p111
Ruby
Version 1.8.6 p114
Ruby
Version 1.8.6 p230
Ruby
Version 1.8.6 p286
Ruby
Version 1.8.6 p36
Ruby
Version 1.8.6 preview1
Ruby
Version 1.8.6 preview2
Ruby
Version 1.8.6 preview3
Ruby
Version 1.8.7
Ruby
Version 1.8.7 p17
Ruby
Version 1.8.7 p22
Ruby
Version 1.8.7 p71
Ruby
Version 1.8.7 preview1
Ruby
Version 1.8.7 preview2
Ruby
Version 1.8.7 preview3
Ruby
Version 1.8.7 preview4
Ruby
Version 1.9.0
Ruby
Version 1.9.0 r18423

Related CWEs

CWE-399
CWE-399

References (52)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.