CVE-2009-1904Ruby vulnerability

CWE-1897 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
4.5%
top 10.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedJun 11
Latest updateMay 2

Description

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDruby-lang/ruby1.8.6, 1.8.7+1

Patches

Patch: bugs.debian.orgPatch: github.comPatch: redmine.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-prwc-wj59-8vwr: The BigDecimal library in Ruby 12022-05-02
CVEList
CVE-2009-1904: The BigDecimal library in Ruby 12009-06-11

📋Vendor Advisories

3
Ubuntu
Ruby vulnerabilities2010-02-16
Ubuntu
Ruby vulnerabilities2009-07-20
Red Hat
ruby: DoS vulnerability in BigDecimal2009-06-10

💬Community

1
Bugzilla
CVE-2009-1904 ruby: DoS vulnerability in BigDecimal2009-06-10
CVE-2009-1904 — Ruby-lang Ruby vulnerability | cvebase