{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/09/10/1"}, {"name": "55381", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55381"}, {"name": "RHSA-2013:1523", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1523.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2013-4287"}, {"name": "RHSA-2013:1427", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1427.html"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"name": "RHSA-2013:1441", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}, {"name": "RHSA-2014:0207", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0207.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4287", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/09/10/1"}, {"name": "55381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55381"}, {"name": "RHSA-2013:1523", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1523.html"}, {"name": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html", "refsource": "CONFIRM", "url": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"}, {"name": "https://puppet.com/security/cve/cve-2013-4287", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2013-4287"}, {"name": "RHSA-2013:1427", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1427.html"}, {"name": "RHSA-2013:1852", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"name": "RHSA-2013:1441", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}, {"name": "RHSA-2014:0207", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0207.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:01.871Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130909 CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/09/10/1"}, {"name": "55381", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55381"}, {"name": "RHSA-2013:1523", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1523.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2013-4287"}, {"name": "RHSA-2013:1427", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1427.html"}, {"name": "RHSA-2013:1852", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"name": "RHSA-2013:1441", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}, {"name": "RHSA-2014:0207", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0207.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4287", "datePublished": "2013-10-17T23:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBD0BCCE-898F-4859-A1D8-5D15894BA539", "versionEndIncluding": "1.8.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D6A915B-43FF-4FFA-98FA-968403825D43", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "767790C2-2C72-45C0-A4EF-F21EAAAD1698", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBAB2571-F73A-4843-A494-1D10A214862D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "57847827-F148-42C9-9180-3D5482249CB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "323AC584-E261-445D-9C84-DA34DFDE2D39", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A563E3D-2D87-4712-8C90-067ABB9D6810", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B540D22-0BDC-4727-B11E-9667F6E188BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "8D7D308E-2A6C-4DF7-94B1-C5BCC5C3FD24", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "741E979F-6AD5-4C15-8541-5D5F659E5ED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "81C93DD3-19B4-431D-A7BD-E86F90F91745", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "CA2C407B-2C0F-4C46-9F5B-6C63CC887941", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "7865522C-C5D0-4D4B-B090-7B756B36DF4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "CA1CDCDA-E1F2-4C23-8448-0EF1D61CE40B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "95AE74A8-4A90-4372-8B88-81FF7E6E578B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "3F6BED14-99EA-4F87-95BB-078D2CEED349", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "7EC8340E-D33E-4DB6-A08B-E56EA035C133", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4BF3F97C-C396-4AFE-9EC6-4BBD840ED363", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*", "matchCriteriaId": "41E7E929-1144-438A-A55D-0B5CE6886C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*", "matchCriteriaId": "F3EB522C-6EA5-4CF5-B610-CB9414DD4815", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*", "matchCriteriaId": "EF3220D1-DEFF-46A6-95B3-A40838D4E294", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*", "matchCriteriaId": "E8DA4D9E-B822-4254-856C-3176A948D718", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*", "matchCriteriaId": "0D3EAD7C-CB12-4897-B5FA-63D49CDABD35", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.22:*:*:*:*:*:*:*", "matchCriteriaId": "03AC5DA5-AD7F-4C7F-8437-568B7AAAEB17", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.24:*:*:*:*:*:*:*", "matchCriteriaId": "B549DE72-CB99-4E37-9B0A-CDDBF1AC7B27", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:1.8.25:*:*:*:*:*:*:*", "matchCriteriaId": "CBA0773B-1409-4407-AF8C-ED4212FE8DB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2D82506-3FB5-41BA-8704-CC324C0B0DB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "260A155C-ED09-44E7-8279-5B94A4AC8CA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4E0506F-F2E6-45A2-B637-576C341A71B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2EC4513-B653-438A-A1E4-406D055FC160", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F5FDF363-24FA-45D2-879B-B1CF9B667AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "03A81F55-2B6B-467C-9281-AA11ED31220F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A8143D88-890D-4C87-9120-46B33D7D63C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3E5608F5-AC8A-4368-9323-A2CC09F18AAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EBB4E82A-B1A2-4B35-B961-830FE00F1F7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubygems:rubygems:2.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "CCAD8F26-21A8-42D8-8B12-487F59EB10CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "D9237145-35F8-4E05-B730-77C0F386E5B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "C78BB1D8-0505-484D-B824-1AA219F8B247", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5178D04D-1C29-4353-8987-559AA07443EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0535DC9-EB0E-4745-80AC-4A020DF26E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*", "matchCriteriaId": "94F5AA37-B466-4E2E-B217-5119BADDD87B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*", "matchCriteriaId": "6DF0F0F5-4022-4837-9B40-4B1127732CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*", "matchCriteriaId": "B3848B08-85C2-4AAD-AA33-CCEB80EF5B32", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*", "matchCriteriaId": "B7927D40-2A3A-43AD-99F6-CE61882A1FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*", "matchCriteriaId": "AA406EC6-6CA5-40A6-A879-AA8940CBEF07", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p385:*:*:*:*:*:*", "matchCriteriaId": "1D041884-3921-4466-9A48-F644FDDA9D50", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*", "matchCriteriaId": "397A2EA7-6F83-427B-8578-3794EBF04849", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p426:*:*:*:*:*:*", "matchCriteriaId": "298A5681-F756-4952-A9F8-E4C76736DF8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.3:p429:*:*:*:*:*:*", "matchCriteriaId": "BC5A12F7-47E2-4AC7-A41B-F4B01319002D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "90E0471D-1323-4E67-B66C-DEBF3BBAEEAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B03B7561-A854-4EFA-9E4E-CFC4EEAE4EE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*", "matchCriteriaId": "D2423B85-0971-42AC-8B64-819008BC5778", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*", "matchCriteriaId": "1C663278-3B2A-4B7C-959A-2AA804467F21", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*", "matchCriteriaId": "B7927149-A76A-48BC-8405-7375FC7D7486", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*", "matchCriteriaId": "CB116A84-1652-4F5D-98AC-81F0349EEDC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*", "matchCriteriaId": "259C21E7-6084-4710-9BB3-C232942A451E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "285A3431-BDFE-40C5-92CD-B18217757C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D66B32CB-AC49-4A1C-85ED-6389F27CB319", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression."}, {"lang": "es", "value": "Vulnerabilidad en la complejidad algor\u00edtmicade Gem :: Versi\u00f3n :: VERSION_PATTERN en lib / rubygems / version.rb de RubyGems antes 1.8.23.1, 1.8.24 hasta 1.8.25, 2.0.x antes de 2.0.8, y 2.1.x anterior a 2.1.0 , como se usa en Ruby 1.9.0 hasta 2.0.0p247, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una versi\u00f3n de una gem manipulada que provoca una gran cantidad de retroceso en una expresi\u00f3n regular."}], "id": "CVE-2013-4287", "lastModified": "2024-11-21T01:55:17.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-17T23:55:04.407", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1427.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1523.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0207.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55381"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/09/10/1"}, {"source": "secalert@redhat.com", "url": "https://puppet.com/security/cve/cve-2013-4287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1427.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1441.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1523.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0207.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55381"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/09/10/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://puppet.com/security/cve/cve-2013-4287"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Rubygems upstream for reporting this issue. Upstream acknowledges Damir Sharipov as the original reporter.", "affected_release": [{"advisory": "RHSA-2013:1523", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "ruby193-ruby-0:1.9.3.448-40.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2013-11-14T00:00:00Z"}, {"advisory": "RHSA-2013:1523", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "ruby193-rubygems-0:1.8.24-9.el6ost", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2013-11-14T00:00:00Z"}, {"advisory": "RHSA-2013:1441", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "rubygems-0:1.3.7-4.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-10-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "cumin-0:0.1.5787-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1852", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygems-0:1.8.23.2-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2014:0207", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygems-0:1.8.24-5.el6op", "product_name": "Red Hat OpenShift Enterprise 2.0", "release_date": "2014-02-24T00:00:00Z"}, {"advisory": "RHSA-2013:1427", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "ruby193-ruby-0:1.9.3.448-40.el6", "product_name": "Red Hat Software Collections for RHEL-6", "release_date": "2013-10-15T00:00:00Z"}], "bugzilla": {"description": "rubygems: version regex algorithmic complexity vulnerability", "id": "1002364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002364"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-407->CWE-400", "details": ["Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2013-4287", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Affected", "package_name": "rubygems", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "ruby193-ruby", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "rubygems", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ruby", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Affected", "package_name": "ruby193-rubygems", "product_name": "Red Hat OpenStack Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "ruby193-rubygems", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "rubygems", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Affected", "package_name": "ruby193-rubygems", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "rubygems", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2013-09-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4287\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4287\nhttp://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"], "statement": "Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support\nand maintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat OpenShift Enterprise Life Cycle:\nhttps://access.redhat.com/site/support/policy/updates/openshift.", "threat_severity": "Moderate", "upstream_fix": "rubygems 2.1.0, rubygems 2.0.8, rubygems 1.8.26, rubygems 1.8.23.1"}