CVE-2013-1821

Published: Apr 9, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

Affected (14)

Products: Ruby Lang: Ruby

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Up to 1.9.3
Ruby Lang Ruby	Version 1.9.1
Ruby Lang Ruby	Version 1.9.2
Ruby Lang Ruby	Version 1.9.3
Ruby Lang Ruby	Version 1.9.3 p0
Ruby Lang Ruby	Version 1.9.3 p125
Ruby Lang Ruby	Version 1.9.3 p194
Ruby Lang Ruby	Version 1.9.3 p286
Ruby Lang Ruby	Version 1.9.3 p383
Ruby Lang Ruby	Version 1.9

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Version 2.0.0
Ruby Lang Ruby	Version 2.0.0 rc1
Ruby Lang Ruby	Version 2.0.0 rc2
Ruby Lang Ruby	Version 2.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (46)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0611.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0612.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1028.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1147.html

Source: secalert@redhat.com

http://secunia.com/advisories/52783

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/52902

Source: secalert@redhat.com

Vendor Advisory

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384

Source: secalert@redhat.com

http://www.debian.org/security/2013/dsa-2738

Source: secalert@redhat.com

http://www.debian.org/security/2013/dsa-2809

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:124

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/03/06/5

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: secalert@redhat.com

http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/58141

Source: secalert@redhat.com

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1780-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=914716

Source: secalert@redhat.com

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0611.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0612.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1028.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1147.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/52783

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/52902

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2738

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2809

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:124

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/03/06/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/58141

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1780-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=914716

Source: af854a3a-2127-422b-91ae-364da2661108

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.