← Back

CVE-2013-4363

nvd nist
Published: Oct 17, 2013Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:N/A:P
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

Affected (71)

Rubygems
1 product
Rubygems
Ruby Lang
1 product
Ruby
Configuration A
49 vulnerable
Vulnerable SoftwareAffected Versions
Rubygems
Rubygems
Up to 1.8.23
Rubygems
Version 1.8.0
Rubygems
Version 1.8.10
Rubygems
Version 1.8.11
Rubygems
Version 1.8.12
Rubygems
Version 1.8.13
Rubygems
Version 1.8.14
Rubygems
Version 1.8.15
Rubygems
Version 1.8.16
Rubygems
Version 1.8.17
Rubygems
Version 1.8.18
Rubygems
Version 1.8.19
Rubygems
Version 1.8.1
Rubygems
Version 1.8.20
Rubygems
Version 1.8.21
Rubygems
Version 1.8.22
Rubygems
Version 1.8.24
Rubygems
Version 1.8.25
Rubygems
Version 1.8.26
Rubygems
Version 1.8.2
Rubygems
Version 1.8.3
Rubygems
Version 1.8.4
Rubygems
Version 1.8.5
Rubygems
Version 1.8.6
Rubygems
Version 1.8.7
Rubygems
Version 1.8.8
Rubygems
Version 1.8.9
Rubygems
Version 2.0.0
Rubygems
Version 2.0.0 preview2.1
Rubygems
Version 2.0.0 preview2.2
Rubygems
Version 2.0.0 preview2
Rubygems
Version 2.0.0 rc1
Rubygems
Version 2.0.0 rc2
Rubygems
Version 2.0.1
Rubygems
Version 2.0.2
Rubygems
Version 2.0.3
Rubygems
Version 2.0.4
Rubygems
Version 2.0.5
Rubygems
Version 2.0.6
Rubygems
Version 2.0.7
Rubygems
Version 2.0.8
Rubygems
Version 2.0.9
Rubygems
Version 2.1.0
Rubygems
Version 2.1.0 rc1
Rubygems
Version 2.1.0 rc2
Rubygems
Version 2.1.1
Rubygems
Version 2.1.2
Rubygems
Version 2.1.3
Rubygems
Version 2.1.4
Configuration B
22 vulnerable
Vulnerable SoftwareAffected Versions
Ruby Lang
Ruby
Version 1.9.1
Ruby
Version 1.9.2
Ruby
Version 1.9.3
Ruby
Version 1.9.3 p0
Ruby
Version 1.9.3 p125
Ruby
Version 1.9.3 p194
Ruby
Version 1.9.3 p286
Ruby
Version 1.9.3 p383
Ruby
Version 1.9.3 p385
Ruby
Version 1.9.3 p392
Ruby
Version 1.9.3 p426
Ruby
Version 1.9.3 p429
Ruby
Version 1.9
Ruby
Version 2.0.0
Ruby
Version 2.0.0 p0
Ruby
Version 2.0.0 p195
Ruby
Version 2.0.0 p247
Ruby
Version 2.0.0 preview1
Ruby
Version 2.0.0 preview2
Ruby
Version 2.0.0 rc1
Ruby
Version 2.0.0 rc2
Ruby
Version 2.0

Related CWEs

CWE-310
CWE-310

References (10)

Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.