CVE - CVE-2013-4164

CVE-ID
CVE-2013-4164	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164 CONFIRM:https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released CONFIRM:https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released CONFIRM:https://support.apple.com/kb/HT6536 CONFIRM:https://puppet.com/security/cve/cve-2013-4164 APPLE:APPLE-SA-2014-04-22-1 URL:http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html APPLE:APPLE-SA-2014-10-16-3 URL:http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html DEBIAN:DSA-2810 URL:http://www.debian.org/security/2013/dsa-2810 DEBIAN:DSA-2809 URL:http://www.debian.org/security/2013/dsa-2809 REDHAT:RHSA-2013:1763 URL:http://rhn.redhat.com/errata/RHSA-2013-1763.html REDHAT:RHSA-2013:1764 URL:http://rhn.redhat.com/errata/RHSA-2013-1764.html REDHAT:RHSA-2013:1767 URL:http://rhn.redhat.com/errata/RHSA-2013-1767.html REDHAT:RHSA-2014:0011 URL:http://rhn.redhat.com/errata/RHSA-2014-0011.html REDHAT:RHSA-2014:0215 URL:http://rhn.redhat.com/errata/RHSA-2014-0215.html SUSE:openSUSE-SU-2013:1834 URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html SUSE:openSUSE-SU-2013:1835 URL:http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html SUSE:SUSE-SU-2013:1897 URL:http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html UBUNTU:USN-2035-1 URL:http://www.ubuntu.com/usn/USN-2035-1 BID:63873 URL:http://www.securityfocus.com/bid/63873 OSVDB:100113 URL:http://osvdb.org/100113 SECUNIA:55787 URL:http://secunia.com/advisories/55787 SECUNIA:57376 URL:http://secunia.com/advisories/57376
Assigning CNA
N/A
Date Entry Created
20130612	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130612)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org