Date: Thu, 14 Aug 2008 18:45:52 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: "Steven M. Christey" <coley@...us.mitre.org> cc: oss-security@...ts.openwall.com, coley@...re.org Subject: Re: CVE id requests: ruby Note the following DoS in the regular expression engine, which smells like a NULL pointer dereference. This appears to have been fixed in the latest release. A *likely* (but not provable) changelog entry for the fix is: "regex.c (DOUBLE_STACK, re_compile_fastmap0, re_adjust_startpos), (re_search, re_match_exec): check if failed to allocate memory." - Steve ====================================================== Name: CVE-2008-3443 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443 Reference: MILW0RM:6239 Reference: URL:http://www.milw0rm.com/exploits/6239 The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.