Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems prior to 1.8.23.1, 1.8.24 up to and including 1.8.25, 2.0.x prior to 2.0.8, and 2.1.x prior to 2.1.0, as used in Ruby 1.9.0 up to and including 2.0.0p247, allows remote malicious users to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

Vulnerable Product |
---|
redhat enterprise linux 6.0 |
rubygems rubygems 2.0.4 |
rubygems rubygems 2.0.5 |
rubygems rubygems 2.0.6 |
rubygems rubygems 1.8.10 |
rubygems rubygems 1.8.11 |
rubygems rubygems 1.8.18 |
rubygems rubygems 1.8.19 |
rubygems rubygems 1.8.6 |
rubygems rubygems 1.8.7 |
rubygems rubygems 2.1.0 |
rubygems rubygems 2.0.7 |
rubygems rubygems 1.8.24 |
rubygems rubygems 1.8.12 |
rubygems rubygems 1.8.13 |
rubygems rubygems 1.8.2 |
rubygems rubygems 1.8.20 |
rubygems rubygems 1.8.8 |
rubygems rubygems 1.8.9 |
rubygems rubygems 2.0.2 |
rubygems rubygems 2.0.3 |
rubygems rubygems 1.8.0 |
rubygems rubygems 1.8.1 |
rubygems rubygems 1.8.16 |
rubygems rubygems 1.8.17 |
rubygems rubygems 1.8.3 |
rubygems rubygems 1.8.4 |
rubygems rubygems 1.8.5 |
rubygems rubygems 2.0.0 |
rubygems rubygems 2.0.1 |
rubygems rubygems 1.8.25 |
rubygems rubygems |
rubygems rubygems 1.8.14 |
rubygems rubygems 1.8.15 |
rubygems rubygems 1.8.21 |
rubygems rubygems 1.8.22 |
ruby-lang ruby 1.9.3 |
ruby-lang ruby 2.0 |
ruby-lang ruby 2.0.0 |
ruby-lang ruby 1.9.1 |
ruby-lang ruby 1.9.2 |
ruby-lang ruby 1.9 |