cvelistv5 - cve-2013-4363

cve-2013-4363

Vulnerability from cvelistv5

Published

2013-10-17 23:00

Modified

2024-08-06 16:38

Severity ?

Summary

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

References

URL	Tags
secalert@redhat.com	http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
secalert@redhat.com	https://puppet.com/security/cve/cve-2013-4363
af854a3a-2127-422b-91ae-364da2661108	http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
af854a3a-2127-422b-91ae-364da2661108	https://puppet.com/security/cve/cve-2013-4363

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-4363"
          },
          {
            "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
          },
          {
            "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
          },
          {
            "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-4363"
        },
        {
          "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
        },
        {
          "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
        },
        {
          "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://puppet.com/security/cve/cve-2013-4363",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-4363"
            },
            {
              "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
            },
            {
              "name": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
              "refsource": "CONFIRM",
              "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
            },
            {
              "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
            },
            {
              "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4363",
    "datePublished": "2013-10-17T23:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.8.23\", \"matchCriteriaId\": \"EBD0BCCE-898F-4859-A1D8-5D15894BA539\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D6A915B-43FF-4FFA-98FA-968403825D43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"767790C2-2C72-45C0-A4EF-F21EAAAD1698\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBAB2571-F73A-4843-A494-1D10A214862D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57847827-F148-42C9-9180-3D5482249CB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"323AC584-E261-445D-9C84-DA34DFDE2D39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A563E3D-2D87-4712-8C90-067ABB9D6810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B540D22-0BDC-4727-B11E-9667F6E188BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"741E979F-6AD5-4C15-8541-5D5F659E5ED3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C93DD3-19B4-431D-A7BD-E86F90F91745\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA2C407B-2C0F-4C46-9F5B-6C63CC887941\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7865522C-C5D0-4D4B-B090-7B756B36DF4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95AE74A8-4A90-4372-8B88-81FF7E6E578B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F6BED14-99EA-4F87-95BB-078D2CEED349\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EC8340E-D33E-4DB6-A08B-E56EA035C133\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BF3F97C-C396-4AFE-9EC6-4BBD840ED363\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41E7E929-1144-438A-A55D-0B5CE6886C0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3EB522C-6EA5-4CF5-B610-CB9414DD4815\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF3220D1-DEFF-46A6-95B3-A40838D4E294\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8DA4D9E-B822-4254-856C-3176A948D718\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D3EAD7C-CB12-4897-B5FA-63D49CDABD35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03AC5DA5-AD7F-4C7F-8437-568B7AAAEB17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B549DE72-CB99-4E37-9B0A-CDDBF1AC7B27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBA0773B-1409-4407-AF8C-ED4212FE8DB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D53F5C8-B881-46ED-8041-26C0B736C9F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2D82506-3FB5-41BA-8704-CC324C0B0DB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*\", \"matchCriteriaId\": \"28EF4773-AA97-4209-951F-942286A92413\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A3D3005-679A-4761-AC38-CAE1C1CB20AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*\", \"matchCriteriaId\": \"344FF6A4-8041-4652-A0EA-F18BB0FCFB26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6CC620F-8E83-4256-9872-CCCDF5A4ED35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F22B79F6-5CA1-4E5C-9223-345A39EDD507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"260A155C-ED09-44E7-8279-5B94A4AC8CA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4E0506F-F2E6-45A2-B637-576C341A71B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2EC4513-B653-438A-A1E4-406D055FC160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5FDF363-24FA-45D2-879B-B1CF9B667AE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03A81F55-2B6B-467C-9281-AA11ED31220F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8143D88-890D-4C87-9120-46B33D7D63C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E5608F5-AC8A-4368-9323-A2CC09F18AAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ACEEB4D-D21D-4D89-881A-9FC33121F69C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE3D1495-E577-492F-ADE1-B8E8FB7F241A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31B50C72-C84A-4B4B-9E62-EB78E50DD19A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBB4E82A-B1A2-4B35-B961-830FE00F1F7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCAD8F26-21A8-42D8-8B12-487F59EB10CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"360BB3DB-FC9E-4791-AF2F-D331267E1603\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23FE3A27-39D4-4D73-9E04-81AB02736435\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F3FFBBD-D379-4C00-B8B7-2B21B7E8C6C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5987FA3A-4C1B-45DC-909A-2B475917CC32\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9237145-35F8-4E05-B730-77C0F386E5B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C78BB1D8-0505-484D-B824-1AA219F8B247\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5178D04D-1C29-4353-8987-559AA07443EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0535DC9-EB0E-4745-80AC-4A020DF26E38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*\", \"matchCriteriaId\": \"94F5AA37-B466-4E2E-B217-5119BADDD87B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DF0F0F5-4022-4837-9B40-4B1127732CC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3848B08-85C2-4AAD-AA33-CCEB80EF5B32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7927D40-2A3A-43AD-99F6-CE61882A1FF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA406EC6-6CA5-40A6-A879-AA8940CBEF07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D041884-3921-4466-9A48-F644FDDA9D50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*\", \"matchCriteriaId\": \"397A2EA7-6F83-427B-8578-3794EBF04849\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*\", \"matchCriteriaId\": \"298A5681-F756-4952-A9F8-E4C76736DF8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC5A12F7-47E2-4AC7-A41B-F4B01319002D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90E0471D-1323-4E67-B66C-DEBF3BBAEEAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2423B85-0971-42AC-8B64-819008BC5778\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C663278-3B2A-4B7C-959A-2AA804467F21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7927149-A76A-48BC-8405-7375FC7D7486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB116A84-1652-4F5D-98AC-81F0349EEDC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*\", \"matchCriteriaId\": \"259C21E7-6084-4710-9BB3-C232942A451E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"285A3431-BDFE-40C5-92CD-B18217757C23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D66B32CB-AC49-4A1C-85ED-6389F27CB319\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en la complejidad algor\\u00edtmica en Gem :: Versi\\u00f3n :: ANCHORED_VERSION_PATTERN en lib / rubygems / version.rb en RubyGems anterior a 1.8.23.2, 1.8.24 hasta 1.8.26, 2.0.x anterior a 2.0.10, 2.1.5 y 2.1.x anterior a , como se usa en Ruby 1.9.0 hasta 2.0.0p247, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (consumo de CPU) a trav\\u00e9s de una versi\\u00f3n gem manipulada que provoca una gran cantidad de retroceso en una expresi\\u00f3n regular. NOTA: este problema se debe a una correcci\\u00f3n incompleta de CVE-2013-4287.\"}]",
      "id": "CVE-2013-4363",
      "lastModified": "2024-11-21T01:55:25.690",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-10-17T23:55:04.440",
      "references": "[{\"url\": \"http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/09/14/3\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/09/18/8\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/09/20/1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://puppet.com/security/cve/cve-2013-4363\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/09/14/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/09/18/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/09/20/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://puppet.com/security/cve/cve-2013-4363\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4363\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-10-17T23:55:04.440\",\"lastModified\":\"2024-11-21T01:55:25.690\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en la complejidad algor\u00edtmica en Gem :: Versi\u00f3n :: ANCHORED_VERSION_PATTERN en lib / rubygems / version.rb en RubyGems anterior a 1.8.23.2, 1.8.24 hasta 1.8.26, 2.0.x anterior a 2.0.10, 2.1.5 y 2.1.x anterior a , como se usa en Ruby 1.9.0 hasta 2.0.0p247, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una versi\u00f3n gem manipulada que provoca una gran cantidad de retroceso en una expresi\u00f3n regular. NOTA: este problema se debe a una correcci\u00f3n incompleta de CVE-2013-4287.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.23\",\"matchCriteriaId\":\"EBD0BCCE-898F-4859-A1D8-5D15894BA539\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6A915B-43FF-4FFA-98FA-968403825D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"767790C2-2C72-45C0-A4EF-F21EAAAD1698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBAB2571-F73A-4843-A494-1D10A214862D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57847827-F148-42C9-9180-3D5482249CB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"323AC584-E261-445D-9C84-DA34DFDE2D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A563E3D-2D87-4712-8C90-067ABB9D6810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B540D22-0BDC-4727-B11E-9667F6E188BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"741E979F-6AD5-4C15-8541-5D5F659E5ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C93DD3-19B4-431D-A7BD-E86F90F91745\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2C407B-2C0F-4C46-9F5B-6C63CC887941\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7865522C-C5D0-4D4B-B090-7B756B36DF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95AE74A8-4A90-4372-8B88-81FF7E6E578B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F6BED14-99EA-4F87-95BB-078D2CEED349\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EC8340E-D33E-4DB6-A08B-E56EA035C133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BF3F97C-C396-4AFE-9EC6-4BBD840ED363\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41E7E929-1144-438A-A55D-0B5CE6886C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EB522C-6EA5-4CF5-B610-CB9414DD4815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF3220D1-DEFF-46A6-95B3-A40838D4E294\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8DA4D9E-B822-4254-856C-3176A948D718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3EAD7C-CB12-4897-B5FA-63D49CDABD35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03AC5DA5-AD7F-4C7F-8437-568B7AAAEB17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B549DE72-CB99-4E37-9B0A-CDDBF1AC7B27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBA0773B-1409-4407-AF8C-ED4212FE8DB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D53F5C8-B881-46ED-8041-26C0B736C9F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2D82506-3FB5-41BA-8704-CC324C0B0DB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*\",\"matchCriteriaId\":\"28EF4773-AA97-4209-951F-942286A92413\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A3D3005-679A-4761-AC38-CAE1C1CB20AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"344FF6A4-8041-4652-A0EA-F18BB0FCFB26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6CC620F-8E83-4256-9872-CCCDF5A4ED35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22B79F6-5CA1-4E5C-9223-345A39EDD507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260A155C-ED09-44E7-8279-5B94A4AC8CA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4E0506F-F2E6-45A2-B637-576C341A71B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2EC4513-B653-438A-A1E4-406D055FC160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5FDF363-24FA-45D2-879B-B1CF9B667AE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A81F55-2B6B-467C-9281-AA11ED31220F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8143D88-890D-4C87-9120-46B33D7D63C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E5608F5-AC8A-4368-9323-A2CC09F18AAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ACEEB4D-D21D-4D89-881A-9FC33121F69C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE3D1495-E577-492F-ADE1-B8E8FB7F241A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B50C72-C84A-4B4B-9E62-EB78E50DD19A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB4E82A-B1A2-4B35-B961-830FE00F1F7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCAD8F26-21A8-42D8-8B12-487F59EB10CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"360BB3DB-FC9E-4791-AF2F-D331267E1603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23FE3A27-39D4-4D73-9E04-81AB02736435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3FFBBD-D379-4C00-B8B7-2B21B7E8C6C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5987FA3A-4C1B-45DC-909A-2B475917CC32\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9237145-35F8-4E05-B730-77C0F386E5B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C78BB1D8-0505-484D-B824-1AA219F8B247\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5178D04D-1C29-4353-8987-559AA07443EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0535DC9-EB0E-4745-80AC-4A020DF26E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"94F5AA37-B466-4E2E-B217-5119BADDD87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DF0F0F5-4022-4837-9B40-4B1127732CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3848B08-85C2-4AAD-AA33-CCEB80EF5B32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7927D40-2A3A-43AD-99F6-CE61882A1FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA406EC6-6CA5-40A6-A879-AA8940CBEF07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D041884-3921-4466-9A48-F644FDDA9D50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*\",\"matchCriteriaId\":\"397A2EA7-6F83-427B-8578-3794EBF04849\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*\",\"matchCriteriaId\":\"298A5681-F756-4952-A9F8-E4C76736DF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC5A12F7-47E2-4AC7-A41B-F4B01319002D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90E0471D-1323-4E67-B66C-DEBF3BBAEEAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2423B85-0971-42AC-8B64-819008BC5778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C663278-3B2A-4B7C-959A-2AA804467F21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7927149-A76A-48BC-8405-7375FC7D7486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB116A84-1652-4F5D-98AC-81F0349EEDC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*\",\"matchCriteriaId\":\"259C21E7-6084-4710-9BB3-C232942A451E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"285A3431-BDFE-40C5-92CD-B18217757C23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D66B32CB-AC49-4A1C-85ED-6389F27CB319\"}]}]}],\"references\":[{\"url\":\"http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/09/14/3\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/09/18/8\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/09/20/1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://puppet.com/security/cve/cve-2013-4363\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/09/14/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/09/18/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/09/20/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://puppet.com/security/cve/cve-2013-4363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-9qvm-2vhf-q649

Vulnerability from github

Published

2022-05-17 00:16

Modified

2023-03-08 19:54

Summary

RubyGems Regular Expression Denial of Service

Details

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.23.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.8.24"
            },
            {
              "fixed": "1.8.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-4363"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-08T19:54:54Z",
    "nvd_published_at": "2013-10-17T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Algorithmic complexity vulnerability in `Gem::Version::ANCHORED_VERSION_PATTERN` in `lib/rubygems/version.rb` in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
  "id": "GHSA-9qvm-2vhf-q649",
  "modified": "2023-03-08T19:54:54Z",
  "published": "2022-05-17T00:16:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4363"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rubygems/rubygems"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2013-4363.yml"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20170331150441/https://puppet.com/security/cve/cve-2013-4363"
    },
    {
      "type": "WEB",
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "RubyGems Regular Expression Denial of Service"
}

cve-2013-4363

Vulnerability from fkie_nvd

Published

2013-10-17 23:55

Modified

2024-11-21 01:55

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
secalert@redhat.com	https://puppet.com/security/cve/cve-2013-4363
af854a3a-2127-422b-91ae-364da2661108	http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/14/3	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/18/8	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/09/20/1	Patch
af854a3a-2127-422b-91ae-364da2661108	https://puppet.com/security/cve/cve-2013-4363

Impacted products

Vendor	Product	Version
rubygems	rubygems	*
rubygems	rubygems	1.8.0
rubygems	rubygems	1.8.1
rubygems	rubygems	1.8.2
rubygems	rubygems	1.8.3
rubygems	rubygems	1.8.4
rubygems	rubygems	1.8.5
rubygems	rubygems	1.8.6
rubygems	rubygems	1.8.7
rubygems	rubygems	1.8.8
rubygems	rubygems	1.8.9
rubygems	rubygems	1.8.10
rubygems	rubygems	1.8.11
rubygems	rubygems	1.8.12
rubygems	rubygems	1.8.13
rubygems	rubygems	1.8.14
rubygems	rubygems	1.8.15
rubygems	rubygems	1.8.16
rubygems	rubygems	1.8.17
rubygems	rubygems	1.8.18
rubygems	rubygems	1.8.19
rubygems	rubygems	1.8.20
rubygems	rubygems	1.8.21
rubygems	rubygems	1.8.22
rubygems	rubygems	1.8.24
rubygems	rubygems	1.8.25
rubygems	rubygems	1.8.26
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.0
rubygems	rubygems	2.0.1
rubygems	rubygems	2.0.2
rubygems	rubygems	2.0.3
rubygems	rubygems	2.0.4
rubygems	rubygems	2.0.5
rubygems	rubygems	2.0.6
rubygems	rubygems	2.0.7
rubygems	rubygems	2.0.8
rubygems	rubygems	2.0.9
rubygems	rubygems	2.1.0
rubygems	rubygems	2.1.0
rubygems	rubygems	2.1.0
rubygems	rubygems	2.1.1
rubygems	rubygems	2.1.2
rubygems	rubygems	2.1.3
rubygems	rubygems	2.1.4
ruby-lang	ruby	1.9
ruby-lang	ruby	1.9.1
ruby-lang	ruby	1.9.2
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	1.9.3
ruby-lang	ruby	2.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0
ruby-lang	ruby	2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD0BCCE-898F-4859-A1D8-5D15894BA539",
              "versionEndIncluding": "1.8.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6A915B-43FF-4FFA-98FA-968403825D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "767790C2-2C72-45C0-A4EF-F21EAAAD1698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBAB2571-F73A-4843-A494-1D10A214862D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57847827-F148-42C9-9180-3D5482249CB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "323AC584-E261-445D-9C84-DA34DFDE2D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A563E3D-2D87-4712-8C90-067ABB9D6810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B540D22-0BDC-4727-B11E-9667F6E188BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "741E979F-6AD5-4C15-8541-5D5F659E5ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C93DD3-19B4-431D-A7BD-E86F90F91745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2C407B-2C0F-4C46-9F5B-6C63CC887941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7865522C-C5D0-4D4B-B090-7B756B36DF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "95AE74A8-4A90-4372-8B88-81FF7E6E578B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6BED14-99EA-4F87-95BB-078D2CEED349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC8340E-D33E-4DB6-A08B-E56EA035C133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E7E929-1144-438A-A55D-0B5CE6886C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3EB522C-6EA5-4CF5-B610-CB9414DD4815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3220D1-DEFF-46A6-95B3-A40838D4E294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DA4D9E-B822-4254-856C-3176A948D718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "03AC5DA5-AD7F-4C7F-8437-568B7AAAEB17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B549DE72-CB99-4E37-9B0A-CDDBF1AC7B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA0773B-1409-4407-AF8C-ED4212FE8DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D53F5C8-B881-46ED-8041-26C0B736C9F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2D82506-3FB5-41BA-8704-CC324C0B0DB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "28EF4773-AA97-4209-951F-942286A92413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*",
              "matchCriteriaId": "2A3D3005-679A-4761-AC38-CAE1C1CB20AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*",
              "matchCriteriaId": "344FF6A4-8041-4652-A0EA-F18BB0FCFB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E6CC620F-8E83-4256-9872-CCCDF5A4ED35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F22B79F6-5CA1-4E5C-9223-345A39EDD507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "260A155C-ED09-44E7-8279-5B94A4AC8CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E0506F-F2E6-45A2-B637-576C341A71B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EC4513-B653-438A-A1E4-406D055FC160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5FDF363-24FA-45D2-879B-B1CF9B667AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A81F55-2B6B-467C-9281-AA11ED31220F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8143D88-890D-4C87-9120-46B33D7D63C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5608F5-AC8A-4368-9323-A2CC09F18AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ACEEB4D-D21D-4D89-881A-9FC33121F69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE3D1495-E577-492F-ADE1-B8E8FB7F241A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B50C72-C84A-4B4B-9E62-EB78E50DD19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EBB4E82A-B1A2-4B35-B961-830FE00F1F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "CCAD8F26-21A8-42D8-8B12-487F59EB10CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "360BB3DB-FC9E-4791-AF2F-D331267E1603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FE3A27-39D4-4D73-9E04-81AB02736435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3FFBBD-D379-4C00-B8B7-2B21B7E8C6C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5987FA3A-4C1B-45DC-909A-2B475917CC32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9237145-35F8-4E05-B730-77C0F386E5B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C78BB1D8-0505-484D-B824-1AA219F8B247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5178D04D-1C29-4353-8987-559AA07443EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0535DC9-EB0E-4745-80AC-4A020DF26E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*",
              "matchCriteriaId": "94F5AA37-B466-4E2E-B217-5119BADDD87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0F0F5-4022-4837-9B40-4B1127732CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*",
              "matchCriteriaId": "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*",
              "matchCriteriaId": "B7927D40-2A3A-43AD-99F6-CE61882A1FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*",
              "matchCriteriaId": "AA406EC6-6CA5-40A6-A879-AA8940CBEF07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*",
              "matchCriteriaId": "1D041884-3921-4466-9A48-F644FDDA9D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*",
              "matchCriteriaId": "397A2EA7-6F83-427B-8578-3794EBF04849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*",
              "matchCriteriaId": "298A5681-F756-4952-A9F8-E4C76736DF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*",
              "matchCriteriaId": "BC5A12F7-47E2-4AC7-A41B-F4B01319002D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*",
              "matchCriteriaId": "D2423B85-0971-42AC-8B64-819008BC5778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*",
              "matchCriteriaId": "1C663278-3B2A-4B7C-959A-2AA804467F21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*",
              "matchCriteriaId": "B7927149-A76A-48BC-8405-7375FC7D7486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "CB116A84-1652-4F5D-98AC-81F0349EEDC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "259C21E7-6084-4710-9BB3-C232942A451E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "285A3431-BDFE-40C5-92CD-B18217757C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D66B32CB-AC49-4A1C-85ED-6389F27CB319",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la complejidad algor\u00edtmica en Gem :: Versi\u00f3n :: ANCHORED_VERSION_PATTERN en lib / rubygems / version.rb en RubyGems anterior a 1.8.23.2, 1.8.24 hasta 1.8.26, 2.0.x anterior a 2.0.10, 2.1.5 y 2.1.x anterior a , como se usa en Ruby 1.9.0 hasta 2.0.0p247, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una versi\u00f3n gem manipulada que provoca una gran cantidad de retroceso en una expresi\u00f3n regular. NOTA: este problema se debe a una correcci\u00f3n incompleta de CVE-2013-4287."
    }
  ],
  "id": "CVE-2013-4363",
  "lastModified": "2024-11-21T01:55:25.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-17T23:55:04.440",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://puppet.com/security/cve/cve-2013-4363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://puppet.com/security/cve/cve-2013-4363"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2013-4363

Vulnerability from gsd

Modified

2013-09-24 00:00

Details

Aliases

CVE-2013-4363

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4363",
    "description": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
    "id": "GSD-2013-4363",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-4363.html",
      "https://advisories.mageia.org/CVE-2013-4363.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2013-4363.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rubygems-update",
            "purl": "pkg:gem/rubygems-update"
          }
        }
      ],
      "aliases": [
        "CVE-2013-4363",
        "OSVDB-97163"
      ],
      "details": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
      "id": "GSD-2013-4363",
      "modified": "2013-09-24T00:00:00.000Z",
      "published": "2013-09-24T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V2"
        }
      ],
      "summary": "CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-4363",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://puppet.com/security/cve/cve-2013-4363",
            "refsource": "CONFIRM",
            "url": "https://puppet.com/security/cve/cve-2013-4363"
          },
          {
            "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
          },
          {
            "name": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
            "refsource": "CONFIRM",
            "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
          },
          {
            "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
          },
          {
            "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2013-4363",
      "cvss_v2": 4.3,
      "date": "2013-09-24",
      "description": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287.",
      "gem": "rubygems-update",
      "library": "rubygems",
      "osvdb": 97163,
      "patched_versions": [
        "~\u003e 1.8.23.2",
        "~\u003e 1.8.27",
        "~\u003e 2.0.10",
        "\u003e= 2.1.5"
      ],
      "title": "CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix",
      "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.1.4",
          "affected_versions": "All versions before 2.1.4",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2017-12-09",
          "description": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.",
          "fixed_versions": [
            "2.1.4"
          ],
          "identifier": "CVE-2013-4363",
          "identifiers": [
            "CVE-2013-4363"
          ],
          "not_impacted": "All versions starting from 2.1.4",
          "package_slug": "gem/rubygems-update",
          "pubdate": "2013-10-17",
          "solution": "Upgrade to version 2.1.4 or above.",
          "title": "Cryptographic Issues",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2013-4363",
            "http://www.openwall.com/lists/oss-security/2013/09/18/8",
            "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
            "http://www.openwall.com/lists/oss-security/2013/09/14/3",
            "http://www.openwall.com/lists/oss-security/2013/09/20/1",
            "https://puppet.com/security/cve/cve-2013-4363"
          ],
          "uuid": "a2a19f5d-a120-4643-90b9-8f4618c2211e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4363"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.  NOTE: this issue is due to an incomplete fix for CVE-2013-4287."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130918 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/18/8"
            },
            {
              "name": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"
            },
            {
              "name": "[oss-security] 20130915 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/14/3"
            },
            {
              "name": "[oss-security] 20130920 Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/09/20/1"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-4363",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://puppet.com/security/cve/cve-2013-4363"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-12-09T02:29Z",
      "publishedDate": "2013-10-17T23:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-4363

Vulnerability from cvelistv5

ghsa-9qvm-2vhf-q649

Vulnerability from github

cve-2013-4363

Vulnerability from fkie_nvd

gsd-2013-4363

Vulnerability from gsd

Tags

Sightings

Nomenclature