Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux | Redhat | 6.0 (including) | 6.0 (including) |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-ruby-0:1.9.3.448-40.el6 | * |
| OpenStack 3 for RHEL 6 | RedHat | ruby193-rubygems-0:1.8.24-9.el6ost | * |
| Red Hat Enterprise Linux 6 | RedHat | rubygems-0:1.3.7-4.el6_4 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-0:0.1.5787-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygems-0:1.8.23.2-1.el6 | * |
| Red Hat OpenShift Enterprise 2.0 | RedHat | rubygems-0:1.8.24-5.el6op | * |
| Red Hat Software Collections for RHEL-6 | RedHat | ruby193-ruby-0:1.9.3.448-40.el6 | * |
| Jruby | Ubuntu | devel | * |
| Jruby | Ubuntu | lucid | * |
| Jruby | Ubuntu | precise | * |
| Jruby | Ubuntu | quantal | * |
| Jruby | Ubuntu | raring | * |
| Ruby1.9.1 | Ubuntu | devel | * |
| Ruby1.9.1 | Ubuntu | lucid | * |
| Ruby1.9.1 | Ubuntu | precise | * |
| Ruby1.9.1 | Ubuntu | quantal | * |
| Ruby1.9.1 | Ubuntu | raring | * |
| Rubygems | Ubuntu | devel | * |
| Rubygems | Ubuntu | precise | * |
| Rubygems | Ubuntu | quantal | * |
| Rubygems | Ubuntu | raring | * |