CVE-2006-5467: Infinite Loop in Matsumoto Ruby

Severity: 5.0 MEDIUM (NVD)
EPSS: 5.0% (top 10.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 27
Latest update: May 3

Description

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-cgqx-jwj4-2jc4: The cgi (2022-05-03)
CVEList: CVE-2006-5467: The cgi (2006-10-27)

💥 Exploits & PoCs (3)

Exploit-DB: eXtremail 2.1.1 - 'memmove()' Remote Denial of Service (2007-10-15)
Exploit-DB: eXtremail 2.1.1 - PLAIN Authentication Remote Stack Overflow (2007-10-15)
Exploit-DB: eXtremail 2.1.1 - 'LOGIN' Remote Stack Overflow (2007-10-15)

📋 Vendor Advisories (3)

Red Hat: ruby's cgi.rb vulnerable infinite loop DoS (2006-12-04)
Ubuntu: Ruby vulnerability (2006-11-01)
Red Hat: Ruby CGI multipart parsing DoS (2006-10-25)

💬 Community (2)

Bugzilla: CVE-2006-5467 Ruby CGI multipart parsing DoS (2006-10-26)
Bugzilla: CVE-2006-5467 Ruby CGI multipart parsing DoS (2006-10-25)