The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ruby | Ruby-lang | 1.6.8 (including) | 1.6.8 (including) |
| Ruby | Ruby-lang | 1.8.0 (including) | 1.8.0 (including) |
| Ruby | Ruby-lang | 1.8.1 (including) | 1.8.1 (including) |
| Ruby | Ruby-lang | 1.8.1–9 (including) | 1.8.1–9 (including) |
| Ruby | Ruby-lang | 1.8.2 (including) | 1.8.2 (including) |
| Ruby | Ruby-lang | 1.8.2-preview2 (including) | 1.8.2-preview2 (including) |
| Ruby | Ruby-lang | 1.8.2-preview3 (including) | 1.8.2-preview3 (including) |
| Ruby | Ruby-lang | 1.8.2-preview4 (including) | 1.8.2-preview4 (including) |
| Ruby | Ruby-lang | 1.8.3 (including) | 1.8.3 (including) |
| Ruby | Ruby-lang | 1.8.3-preview1 (including) | 1.8.3-preview1 (including) |
| Ruby | Ruby-lang | 1.8.3-preview2 (including) | 1.8.3-preview2 (including) |
| Ruby | Ruby-lang | 1.8.3-preview3 (including) | 1.8.3-preview3 (including) |
| Ruby | Ruby-lang | 1.8.4 (including) | 1.8.4 (including) |
| Ruby | Ruby-lang | 1.8.4-preview1 (including) | 1.8.4-preview1 (including) |
| Ruby | Ruby-lang | 1.8.4-preview2 (including) | 1.8.4-preview2 (including) |
| Ruby | Ruby-lang | 1.8.4-preview3 (including) | 1.8.4-preview3 (including) |
| Ruby | Ruby-lang | 1.8.5 (including) | 1.8.5 (including) |
| Ruby | Ruby-lang | 1.8.5-p11 (including) | 1.8.5-p11 (including) |
| Ruby | Ruby-lang | 1.8.5-p113 (including) | 1.8.5-p113 (including) |
| Ruby | Ruby-lang | 1.8.5-p114 (including) | 1.8.5-p114 (including) |
| Ruby | Ruby-lang | 1.8.5-p115 (including) | 1.8.5-p115 (including) |
| Ruby | Ruby-lang | 1.8.5-p12 (including) | 1.8.5-p12 (including) |
| Ruby | Ruby-lang | 1.8.5-p2 (including) | 1.8.5-p2 (including) |
| Ruby | Ruby-lang | 1.8.5-p231 (including) | 1.8.5-p231 (including) |
| Ruby | Ruby-lang | 1.8.5-p35 (including) | 1.8.5-p35 (including) |
| Ruby | Ruby-lang | 1.8.5-p52 (including) | 1.8.5-p52 (including) |
| Ruby | Ruby-lang | 1.8.5-preview1 (including) | 1.8.5-preview1 (including) |
| Ruby | Ruby-lang | 1.8.5-preview2 (including) | 1.8.5-preview2 (including) |
| Ruby | Ruby-lang | 1.8.5-preview3 (including) | 1.8.5-preview3 (including) |
| Ruby | Ruby-lang | 1.8.5-preview4 (including) | 1.8.5-preview4 (including) |
| Ruby | Ruby-lang | 1.8.5-preview5 (including) | 1.8.5-preview5 (including) |
| Ruby | Ruby-lang | 1.8.6 (including) | 1.8.6 (including) |
| Ruby | Ruby-lang | 1.8.6-p110 (including) | 1.8.6-p110 (including) |
| Ruby | Ruby-lang | 1.8.6-p111 (including) | 1.8.6-p111 (including) |
| Ruby | Ruby-lang | 1.8.6-p114 (including) | 1.8.6-p114 (including) |
| Ruby | Ruby-lang | 1.8.6-p230 (including) | 1.8.6-p230 (including) |
| Ruby | Ruby-lang | 1.8.6-p286 (including) | 1.8.6-p286 (including) |
| Ruby | Ruby-lang | 1.8.6-p36 (including) | 1.8.6-p36 (including) |
| Ruby | Ruby-lang | 1.8.6-preview1 (including) | 1.8.6-preview1 (including) |
| Ruby | Ruby-lang | 1.8.6-preview2 (including) | 1.8.6-preview2 (including) |
| Ruby | Ruby-lang | 1.8.6-preview3 (including) | 1.8.6-preview3 (including) |
| Ruby | Ruby-lang | 1.8.7 (including) | 1.8.7 (including) |
| Ruby | Ruby-lang | 1.8.7-p17 (including) | 1.8.7-p17 (including) |
| Ruby | Ruby-lang | 1.8.7-p22 (including) | 1.8.7-p22 (including) |
| Ruby | Ruby-lang | 1.8.7-p71 (including) | 1.8.7-p71 (including) |
| Ruby | Ruby-lang | 1.8.7-preview1 (including) | 1.8.7-preview1 (including) |
| Ruby | Ruby-lang | 1.8.7-preview2 (including) | 1.8.7-preview2 (including) |
| Ruby | Ruby-lang | 1.8.7-preview3 (including) | 1.8.7-preview3 (including) |
| Ruby | Ruby-lang | 1.8.7-preview4 (including) | 1.8.7-preview4 (including) |
| Ruby | Ruby-lang | 1.9.0 (including) | 1.9.0 (including) |
| Ruby | Ruby-lang | 1.9.0-r18423 (including) | 1.9.0-r18423 (including) |