FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby-gems -- Algorithmic Complexity Vulnerability

Affected packages
ruby19-gems < 1.8.26
ruby20-gems < 1.8.26

Details

VuXML ID 54237182-9635-4a8b-92d7-33bfaeed84cd
Discovery 2013-09-09
Entry 2013-11-24

Ruby Gem developers report:

RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption.

References

CVE Name CVE-2013-4287