FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- Hostname check bypassing vulnerability in SSL client

Affected packages
ruby19 < 1.9.3.448,1
ruby18 < 1.8.7.374,1

Details

VuXML ID ebd877b9-7ef4-4375-b1fd-c67780581898
Discovery 2013-06-27
Entry 2013-07-11
Modified 2013-09-24

Ruby Developers report:

Ruby's SSL client implements a hostname identity check, but it does not properly handle hostnames in the certificate that contain null bytes.
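
The following is an added example, not part of the Ruby developers' report and not the code of the Ruby fix. It sketches a defensive hostname check that treats a null byte in any certificate name as a hard failure. The function names, the simplified wildcard rule, and the reject-the-whole-certificate policy are assumptions made for illustration, and the sample names are constructed.

```ruby
# Added example: hostname matching that refuses certificate names containing NUL.
# All names below are hypothetical; this is not Ruby's OpenSSL implementation.

# A certificate name is only eligible for comparison if it is non-empty
# and contains no null byte.
def well_formed_name?(name)
  !name.empty? && !name.include?("\0")
end

# Render a name safely for logs so an embedded NUL stays visible
# instead of cutting the log line short.
def escape_nul(name)
  name.gsub("\0") { "\\x00" }
end

# Simplified matcher (assumption): case-insensitive exact match, or a single
# leftmost "*." wildcard that covers exactly one label.
def name_matches?(pattern, hostname)
  p = pattern.downcase
  h = hostname.downcase
  return p == h unless p.start_with?("*.")
  suffix = p[1..-1]                      # e.g. ".example.com"
  return false unless h.end_with?(suffix) && h.length > suffix.length
  !h[0...-suffix.length].include?(".")   # wildcard must not span labels
end

# Hardened check (assumed policy): if the requested hostname or ANY name in
# the certificate contains NUL, reject the certificate outright.
def verify_hostname(cert_names, hostname)
  return false if hostname.include?("\0")
  return false unless cert_names.all? { |n| well_formed_name?(n) }
  cert_names.any? { |n| name_matches?(n, hostname) }
end

# Constructed sample data: names as they might be read from a certificate.
SAMPLE_GOOD = ["www.example.com", "*.example.org"]
SAMPLE_BAD  = ["www.example.com\0.invalid.test"]

if __FILE__ == $PROGRAM_NAME
  puts verify_hostname(SAMPLE_GOOD, "www.example.com")
  puts verify_hostname(SAMPLE_BAD, "www.example.com")
  puts escape_nul(SAMPLE_BAD.first)
end
```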

References

CVE Name CVE-2013-4073
URL http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/