CVE-2008-3443 : Detail

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 6239

Publication date : 2008-08-12 22h00 +00:00
Author : laurent gaffié
EDB Verified : Yes

Products Mentioned

Configuraton 0

Ruby-lang>>Ruby >> Version 1.6.8

Ruby-lang>>Ruby >> Version 1.8.0

Ruby-lang>>Ruby >> Version 1.8.1

Ruby-lang>>Ruby >> Version 1.8.1

Ruby-lang>>Ruby >> Version 1.8.2

Ruby-lang>>Ruby >> Version 1.8.2

Ruby-lang>>Ruby >> Version 1.8.2

Ruby-lang>>Ruby >> Version 1.8.2

Ruby-lang>>Ruby >> Version 1.8.3

Ruby-lang>>Ruby >> Version 1.8.3

Ruby-lang>>Ruby >> Version 1.8.3

Ruby-lang>>Ruby >> Version 1.8.3

Ruby-lang>>Ruby >> Version 1.8.4

Ruby-lang>>Ruby >> Version 1.8.4

Ruby-lang>>Ruby >> Version 1.8.4

Ruby-lang>>Ruby >> Version 1.8.4

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.5

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.6

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.8.7

Ruby-lang>>Ruby >> Version 1.9.0

Ruby-lang>>Ruby >> Version 1.9.0

References