Red Hat Bugzilla – Bug 459266
CVE-2008-3443 ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
Last modified: 2008-11-13 10:21:05 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3443 to
the following vulnerability:
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier,
1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through
r18423 allows remote attackers to cause a denial of service (infinite
loop and crash) via multiple long requests to a Ruby socket, related
to memory allocation failure, and as demonstrated against Webrick.
This issue affects all versions of the Ruby package as shipped
with the Red Hat Enteprise Linux 2.1, 3, 4, 5 and Fedora 8, 9 and 10.
ruby-188.8.131.527-2.fc8 has been submitted as an update for Fedora 8.
ruby-184.108.40.2067-2.fc9 has been submitted as an update for Fedora 9.
ruby-220.127.116.117-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ruby-18.104.22.1687-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: