Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
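The pattern described above, as an added Ruby example that is not the Rails source or code from this advisory: a log line whose format template contains externally supplied text, beside two corrected forms. The method names, the template and the sample addresses are constructed for illustration.

```ruby
# Constructed illustration of an externally influenced format string in a
# log message. All method names here are hypothetical, not Rails APIs.

# Unsafe: the recipient is interpolated into the string that is then used as
# the format template, so any '%' it contains is parsed as a directive.
def unsafe_log_line(recipient, duration_ms)
  "Sent mail to #{recipient} (%.1fms)" % duration_ms
end

# Safe: the template is a constant; external data is only ever an argument.
SENT_TEMPLATE = "Sent mail to %s (%.1fms)".freeze

def safe_log_line(recipient, duration_ms)
  format(SENT_TEMPLATE, recipient, duration_ms)
end

# Alternative when interpolation has to stay: neutralise '%' in the
# external value before the string is used as a template.
def escaped_log_line(recipient, duration_ms)
  "Sent mail to #{recipient.gsub('%', '%%')} (%.1fms)" % duration_ms
end

# Calls one of the builders the way a delivery path would and reports
# whether building the message raised instead of returning a line.
def try_log(builder, recipient, duration_ms)
  { ok: true, line: send(builder, recipient, duration_ms) }
rescue ArgumentError, KeyError, TypeError => e
  { ok: false, error: e.class.name }
end

# Constructed sample recipients: one ordinary, one containing a directive.
SAMPLE_RECIPIENTS = ["alice@example.com", "bob%s@example.com"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_RECIPIENTS.each do |rcpt|
    %i[unsafe_log_line safe_log_line escaped_log_line].each do |builder|
      puts "#{builder} #{rcpt.inspect} -> #{try_log(builder, rcpt, 12.34)}"
    end
  end
end
```

In the unsafe form the directive inside the address consumes the duration argument, so the template's own directive has nothing left to format and the call raises while the log message is being built.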
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rails | Rubyonrails | 3.0.0 (including) | 3.2.15 (excluding) |
CloudForms Management Engine 5.4 | RedHat | cfme-0:5.4.0.5-1.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | cfme-gemset-0:5.4.0.5-1.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | cfme-vnc-plugin-0:1.0.0-2.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | libdnet-0:1.12-11.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | lshw-0:B.02.16-4.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | netapp-manageability-sdk-0:4.0P1-3.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | open-vm-tools-0:9.2.3-5.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | prince-0:9.0r2-4.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | pyliblzma-0:0.5.3-7.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-ffi-0:1.9.8-1.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-io-extra-0:1.2.8-1.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-json-0:1.8.2-2.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-pg-0:0.12.2-9.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-psych-0:2.0.13-1.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-thin-0:1.3.1-9.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | sneakernet_ca-0:0.1-2.el6cf | * |
CloudForms Management Engine 5.4 | RedHat | wmi-0:1.3.14-1.el6cf | * |
Rails | Ubuntu | upstream | * |
Ruby-actionmailer-3.2 | Ubuntu | quantal | * |
Ruby-actionmailer-3.2 | Ubuntu | raring | * |
Ruby-actionmailer-3.2 | Ubuntu | saucy | * |
Ruby-actionmailer-3.2 | Ubuntu | upstream | * |
Ruby-actionpack-2.3 | Ubuntu | upstream | * |
Ruby-activerecord-2.3 | Ubuntu | upstream | * |
Ruby-activesupport-2.3 | Ubuntu | upstream | * |
Ruby-rails-2.3 | Ubuntu | upstream | * |