FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby-gems -- Algorithmic Complexity Vulnerability

Affected packages
	ruby19-gems	<	1.8.26
	ruby20-gems	<	1.8.26

Details

VuXML ID	54237182-9635-4a8b-92d7-33bfaeed84cd
Discovery	2013-09-09
Entry	2013-11-24

Ruby Gem developers report:

RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption.

[source]

References

CVE Name

CVE-2013-4287