CVE-2008-3443

Severity

50%

Complexity

99%

Confidentiality

48%

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 16 years ago

2008-08-14 23:41:00

Last updated 6 years ago

2018-10-03 21:55:00

Affected Software

ruby-lang Ruby 1.8.0

1.8.0

Ruby-lang Ruby 1.8.1

1.8.1

Ruby-lang Ruby 1.8.2

1.8.2

Ruby-lang Ruby 1.8.2 Preview 2

1.8.2

Ruby-lang Ruby 1.8.2 Preview 3

1.8.2

Ruby-lang Ruby 1.8.2 Preview 4

1.8.2

Ruby-lang Ruby 1.8.3

1.8.3

Ruby-lang Ruby 1.8.3 Preview 1

1.8.3

Ruby-lang Ruby 1.8.3 Preview 2

1.8.3

Ruby-lang Ruby 1.8.3 Preview 3

1.8.3

Ruby-lang Ruby 1.8.4

1.8.4

Ruby-lang Ruby 1.8.4 Preview 1

1.8.4

Ruby-lang Ruby 1.8.4 Preview 2

1.8.4

Ruby-lang Ruby 1.8.5

1.8.5

Ruby-lang Ruby 1.8.5 Preview 1

1.8.5

Ruby-lang Ruby 1.8.5 Preview 2

1.8.5

Ruby-lang Ruby 1.8.5 Preview 3

1.8.5

Ruby-lang Ruby 1.8.5 Preview 4

1.8.5

Ruby-lang Ruby 1.8.5 Preview 5

1.8.5

Ruby-lang Ruby 1.8.6

1.8.6

Ruby-lang Ruby 1.8.6 Preview 1

1.8.6

Ruby-lang Ruby 1.8.6 Preview 2

1.8.6

Ruby-lang Ruby 1.8.6 Preview 3

1.8.6

ruby-lang Ruby 1.8.7

1.8.7

ruby-lang Ruby 1.8.7-p17

1.8.7

ruby-lang Ruby 1.8.7-p22

1.8.7

ruby-lang Ruby 1.8.7-p71

1.8.7

ruby-lang Ruby 1.8.7-preview1

1.8.7

ruby-lang Ruby 1.8.7-preview2

1.8.7

ruby-lang Ruby 1.8.7-preview3

1.8.7

ruby-lang Ruby 1.8.7-preview4

1.8.7

ruby-lang Ruby 1.9.0

1.9.0

References

APPLE-SA-2009-05-12

31430

32165

32219

32371

32372

33185

33398

35074

4158

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm

DSA-1695

RHSA-2008:0895

RHSA-2008:0897

30682

1021075

TA09-133A

US Government Resource

ADV-2009-1297

ruby-regex-dos(44688)

oval:org.mitre.oval:def:9570

USN-651-1

USN-691-1

6239

FEDORA-2008-8738

FEDORA-2008-8736

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.