FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- BigDecimal denial of service vulnerability

Affected packages
1.8.*,1 <= ruby <,1
1.8.*,1 <= ruby+oniguruma <,1
1.8.*,1 <= ruby+pthreads <,1
1.8.*,1 <= ruby+pthreads+oniguruma <,1


VuXML ID 62e0fbe5-5798-11de-bb78-001cc0377035
Discovery 2009-06-09
Entry 2009-06-13
Modified 2010-05-02

The official ruby site reports:

A denial of service (DoS) vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults.

An attacker can cause a denial of service by causing BigDecimal to parse an insanely large number, such as:



Bugtraq ID 35278
CVE Name CVE-2009-1904