CVE-2009-1904
Published: 2009-06-11
Priority: P4 · CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 8.38% (94.3rd percentile)
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
Ubuntu: Ruby vulnerabilities
vendor_ubuntu · 2010-02-16 · CVSS 5.0 · CVE-2009-1904 [MEDIUM]
Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. (CVE-2009-4124)

Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. (CVE-2009-4492)

It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only aff
Ubuntu: Ruby vulnerabilities
vendor_ubuntu · 2009-07-20 · CVSS 6.8 · CVE-2009-0642 [MEDIUM]
It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. (CVE-2009-0642)

It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. (CVE-2009-1904)

Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Red Hat: ruby: DoS vulnerability in BigDecimal
vendor_redhat · 2009-06-10 · CVSS 5.0 · CVE-2009-1904 [MEDIUM]
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
GHSA: GHSA-prwc-wj59-8vwr: The BigDecimal library in Ruby 1
ghsa_unreviewed · 2022-05-02 · CVE-2009-1904 [MEDIUM]
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.
No detection rules found.
No public exploits indexed.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689
http://bugs.gentoo.org/show_bug.cgi?id=273213
http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master
http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html
http://osvdb.org/55031
http://redmine.ruby-lang.org/issues/show/794
http://secunia.com/advisories/35399
http://secunia.com/advisories/35527
http://secunia.com/advisories/35593
http://secunia.com/advisories/35699
http://secunia.com/advisories/35937
http://secunia.com/advisories/37705
http://security.gentoo.org/glsa/glsa-200906-02.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805
http://support.apple.com/kb/HT4077
http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/
http://www.mandriva.com/security/advisories?name=MDVSA-2009:160
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.ruby-forum.com/topic/189071
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
http://www.securityfocus.com/bid/35278
http://www.securitytracker.com/id?1022371
http://www.ubuntu.com/usn/USN-805-1
http://www.vupen.com/english/advisories/2009/1563
https://bugs.launchpad.net/bugs/385436
https://bugs.launchpad.net/bugs/cve/2009-1904
https://exchange.xforce.ibmcloud.com/vulnerabilities/51032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html