Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rubygems | Rubygems | 1.8.24 | 1.8.24 |
Rubygems | Rubygems | 1.8.16 | 1.8.16 |
Rubygems | Rubygems | 2.1.0 | 2.1.0 |
Rubygems | Rubygems | 2.0.0 | 2.0.0 |
Rubygems | Rubygems | 2.0.0 | 2.0.0 |
Rubygems | Rubygems | 2.0.6 | 2.0.6 |
Rubygems | Rubygems | 1.8.20 | 1.8.20 |
Rubygems | Rubygems | 1.8.0 | 1.8.0 |
Rubygems | Rubygems | 2.0.5 | 2.0.5 |
Rubygems | Rubygems | 2.0.4 | 2.0.4 |
Rubygems | Rubygems | 1.8.8 | 1.8.8 |
Rubygems | Rubygems | 1.8.12 | 1.8.12 |
Rubygems | Rubygems | 1.8.22 | 1.8.22 |
Rubygems | Rubygems | 1.8.17 | 1.8.17 |
Rubygems | Rubygems | 2.1.1 | 2.1.1 |
Rubygems | Rubygems | 1.8.15 | 1.8.15 |
Rubygems | Rubygems | 1.8.5 | 1.8.5 |
Rubygems | Rubygems | 2.1.4 | 2.1.4 |
Rubygems | Rubygems | 1.8.21 | 1.8.21 |
Rubygems | Rubygems | 2.0.0 | 2.0.0 |
Rubygems | Rubygems | 1.8.2 | 1.8.2 |
Rubygems | Rubygems | 1.8.26 | 1.8.26 |
Rubygems | Rubygems | 1.8.9 | 1.8.9 |
Rubygems | Rubygems | 2.0.0 | 2.0.0 |
Rubygems | Rubygems | 2.0.0 | 2.0.0 |
Rubygems | Rubygems | 2.0.3 | 2.0.3 |
Rubygems | Rubygems | 1.8.6 | 1.8.6 |
Rubygems | Rubygems | 1.8.14 | 1.8.14 |
Rubygems | Rubygems | 1.8.10 | 1.8.10 |
Rubygems | Rubygems | 2.1.2 | 2.1.2 |
Rubygems | Rubygems | 2.0.0 | 2.0.0 |
Rubygems | Rubygems | 1.8.19 | 1.8.19 |
Rubygems | Rubygems | 1.8.13 | 1.8.13 |
Rubygems | Rubygems | 1.8.3 | 1.8.3 |
Rubygems | Rubygems | 2.0.9 | 2.0.9 |
Rubygems | Rubygems | 1.8.18 | 1.8.18 |
Rubygems | Rubygems | 1.8.25 | 1.8.25 |
Rubygems | Rubygems | 2.0.2 | 2.0.2 |
Rubygems | Rubygems | 2.1.3 | 2.1.3 |
Rubygems | Rubygems | * | 1.8.23 |
Rubygems | Rubygems | 1.8.7 | 1.8.7 |
Rubygems | Rubygems | 1.8.1 | 1.8.1 |
Rubygems | Rubygems | 2.0.7 | 2.0.7 |
Rubygems | Rubygems | 2.0.1 | 2.0.1 |
Rubygems | Rubygems | 2.1.0 | 2.1.0 |
Rubygems | Rubygems | 2.1.0 | 2.1.0 |
Rubygems | Rubygems | 1.8.4 | 1.8.4 |
Rubygems | Rubygems | 2.0.8 | 2.0.8 |
Rubygems | Rubygems | 1.8.11 | 1.8.11 |