CVE-2013-4164
Published 2013-11-23
Priority P3 (55) · medium · CVSS 2.0 6.8 · AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: EPSS 34.97% (98.2nd percentile)
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
Affected: 7 ranges for vendor ruby-lang, product ruby (version bounds and fixed releases are those given in the description above).
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 6.4 | MEDIUM | — |
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2013-11-27·CVSS 6.4
CVE-2013-2065 [MEDIUM] Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Charlie Somerville discovered that Ruby incorrectly handled floating point
number conversion. An attacker could possibly use this issue with an
application that converts text to floating point numbers to cause the
application to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2013-4164)
Vit Ondruch discovered that Ruby did not perform taint checking for certain
functions. An attacker could possibly use this issue to bypass certain
intended restrictions. (CVE-2013-2065)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ruby: heap overflow in floating point parsing
vendor_redhat·2013-11-22·CVSS 6.8
CVE-2013-4164 [MEDIUM] CWE-228 ruby: heap overflow in floating point parsing
Statement: This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5.
Package: mingw-ruby (CloudForms Management Engine 5) - Affected
Package: ruby193-ruby (OpenShift Enterprise 1) - Will not fix
Package: ruby (Red Hat Enterprise Linux 4) - Not affected
Package: ruby (Red Hat Enterprise Linux 5) - Not affected
Package: ruby (Red
GHSA
GHSA-j98q-m2w8-57rc: Heap-based buffer overflow in Ruby 1
ghsa_unreviewed·2022-05-14
CVE-2013-4164 [MEDIUM] CWE-119 GHSA-j98q-m2w8-57rc: Heap-based buffer overflow in Ruby 1
OSV
CVE-2013-4164: Heap-based buffer overflow in Ruby 1
osv·2013-11-22·CVSS 6.8
CVE-2013-4164 [MEDIUM] CVE-2013-4164: Heap-based buffer overflow in Ruby 1
No detection rules found.
Bugzilla
php: heap overflow in floating point parsing
bugzilla·2014-01-24·CVSS 6.8
CVE-2009-0689 [MEDIUM] php: heap overflow in floating point parsing
PHP uses a strtod() implementation using code written by David M. Gay. This code was previously identified to contain a flaw leading to a heap-based buffer overflow when an overly long string representing a floating point number is parsed to a number. The problem was assigned CVE ids CVE-2009-0689 (bug 539784) and CVE-2013-4164 (bug 1033460) and was fixed in various other projects re-using this affected code.
The problem was already corrected in PHP before the security issue was identified and CVE-2009-0689 assigned, via the following upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=37da90248deb2188e8ee50e4753ad6340679b425
The fix was included in PHP 5.2.2. This wasn't identified as security fix, or mentioned in the changelog f
Bugzilla
CVE-2013-4164 ruby: heap overflow in floating point parsing [fedora-all]
bugzilla·2013-11-22·CVSS 6.8
CVE-2013-4164 [MEDIUM] CVE-2013-4164 ruby: heap overflow in floating point parsing [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects
Bugzilla
CVE-2013-4164 ruby: heap overflow in floating point parsing
bugzilla·2013-11-22·CVSS 6.8
CVE-2013-4164 [MEDIUM] CVE-2013-4164 ruby: heap overflow in floating point parsing
Ruby Programming Language Project reports:
https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
Heap Overflow in Floating Point Parsing (CVE-2013-4164)
There is an overflow in floating point number parsing in Ruby. This
vulnerability has been assigned the CVE identifier CVE-2013-4164.
Details
Any time a string is converted to a floating point value, a specially
crafted string can cause a heap overflow. This can lead to a denial of
service attack via segmentation faults and possibly arbitrary code execution.
Any program that converts input of unknown origin to floating point values
(especially common when accepting JSON) is vulnerable.
Vulnerable code looks something like this:
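The advisory's own snippet is cut off above. As an added example, not part of the advisory or of Ruby's code, here are the two call patterns it names (String#to_f on a string of unknown origin and JSON.parse on untrusted text) wrapped in an assumed length bound, a defense-in-depth check for hosts that have not yet moved to a fixed release; MAX_NUMBER_CHARS, NUMBER_TOKEN and the helper names are assumptions:

```ruby
require "json"

# Assumed bound (not from the advisory): a double carries at most 17
# significant digits, so a numeric token far longer than this is either
# pathological or padding and can be rejected before parsing.
MAX_NUMBER_CHARS = 64

# Matches a decimal/JSON numeric token in raw text. Assumed regex; it also
# catches long digit runs inside JSON string values, which is deliberately
# conservative.
NUMBER_TOKEN = /-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/

class OversizedNumber < ArgumentError; end

# Pattern 1 from the advisory: String#to_f on input of unknown origin.
# The string is length-checked before the native float parser sees it.
def bounded_to_f(str, max_len = MAX_NUMBER_CHARS)
  if str.length > max_len
    raise OversizedNumber, "numeric string of #{str.length} chars exceeds #{max_len}"
  end
  str.to_f
end

# Pattern 2 from the advisory: JSON.parse on untrusted text. Every numeric
# token is length-checked in the raw text before the parser converts it.
def bounded_json_parse(text, max_len = MAX_NUMBER_CHARS)
  text.scan(NUMBER_TOKEN) do |tok|
    if tok.length > max_len
      raise OversizedNumber, "JSON number of #{tok.length} chars exceeds #{max_len}"
    end
  end
  JSON.parse(text)
end

# True when the wrapped call is rejected by the bound, false when accepted.
def rejected?
  yield
  false
rescue OversizedNumber
  true
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: ordinary values pass, overly long digit runs are refused.
  puts bounded_to_f("3.14")
  puts bounded_json_parse('{"price": 19.99, "qty": 2}')
  puts rejected? { bounded_to_f("1" * 1000) }
  puts rejected? { bounded_json_parse('{"x": ' + "9" * 200 + "}") }
end
```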
Bugzilla
CVE-2009-0689 array index error in dtoa implementation of many products
bugzilla·2009-11-21·CVSS 6.8
CVE-2009-0689 [MEDIUM] CVE-2009-0689 array index error in dtoa implementation of many products
It was reported [1] that KDE's kdelibs 4.3.3, and possibly earlier versions, suffers from a flaw in its dtoa implementation. A heap-based buffer overflow in the string to floating point number conversion routines could allow an attacker to craft some malicious JavaScript code containing a very long string to be converted to a floating point number. This could result in improper memory allocation and the execution of an arbitrary memory location, which could be leveraged to run arbitrary code on the victim's computer.
This same flaw was originally reported against OpenBSD and NetBSD [2], and is similar to the Mozilla flaw CVE-2009-1563. A patch to correct this issue was committed to kdelibs/kjs/dtoa.cpp today [3].