CVE-2013-4287

Published: Oct 17, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

Affected (59)

Products: Redhat: Enterprise Linux · Rubygems: Rubygems · Ruby Lang: Ruby

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0

Configuration B

36 vulnerable

Vulnerable Software	Affected Versions
Rubygems Rubygems	Up to 1.8.23
Rubygems Rubygems	Version 1.8.0
Rubygems Rubygems	Version 1.8.10
Rubygems Rubygems	Version 1.8.11
Rubygems Rubygems	Version 1.8.12
Rubygems Rubygems	Version 1.8.13
Rubygems Rubygems	Version 1.8.14
Rubygems Rubygems	Version 1.8.15
Rubygems Rubygems	Version 1.8.16
Rubygems Rubygems	Version 1.8.17
Rubygems Rubygems	Version 1.8.18
Rubygems Rubygems	Version 1.8.19
Rubygems Rubygems	Version 1.8.1
Rubygems Rubygems	Version 1.8.20
Rubygems Rubygems	Version 1.8.21
Rubygems Rubygems	Version 1.8.22
Rubygems Rubygems	Version 1.8.24
Rubygems Rubygems	Version 1.8.25
Rubygems Rubygems	Version 1.8.2
Rubygems Rubygems	Version 1.8.3
Rubygems Rubygems	Version 1.8.4
Rubygems Rubygems	Version 1.8.5
Rubygems Rubygems	Version 1.8.6
Rubygems Rubygems	Version 1.8.7
Rubygems Rubygems	Version 1.8.8
Rubygems Rubygems	Version 1.8.9
Rubygems Rubygems	Version 2.0.0
Rubygems Rubygems	Version 2.0.1
Rubygems Rubygems	Version 2.0.2
Rubygems Rubygems	Version 2.0.3
Rubygems Rubygems	Version 2.0.4
Rubygems Rubygems	Version 2.0.5
Rubygems Rubygems	Version 2.0.6
Rubygems Rubygems	Version 2.0.7
Rubygems Rubygems	Version 2.1.0 rc1
Rubygems Rubygems	Version 2.1.0 rc2

Configuration C

22 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Version 1.9.1
Ruby Lang Ruby	Version 1.9.2
Ruby Lang Ruby	Version 1.9.3
Ruby Lang Ruby	Version 1.9.3 p0
Ruby Lang Ruby	Version 1.9.3 p125
Ruby Lang Ruby	Version 1.9.3 p194
Ruby Lang Ruby	Version 1.9.3 p286
Ruby Lang Ruby	Version 1.9.3 p383
Ruby Lang Ruby	Version 1.9.3 p385
Ruby Lang Ruby	Version 1.9.3 p392
Ruby Lang Ruby	Version 1.9.3 p426
Ruby Lang Ruby	Version 1.9.3 p429
Ruby Lang Ruby	Version 1.9
Ruby Lang Ruby	Version 2.0.0
Ruby Lang Ruby	Version 2.0.0 p0
Ruby Lang Ruby	Version 2.0.0 p195
Ruby Lang Ruby	Version 2.0.0 p247
Ruby Lang Ruby	Version 2.0.0 preview1
Ruby Lang Ruby	Version 2.0.0 preview2
Ruby Lang Ruby	Version 2.0.0 rc1
Ruby Lang Ruby	Version 2.0.0 rc2
Ruby Lang Ruby	Version 2.0