ID

VAR-201311-0106


CVE

CVE-2013-4164


TITLE

Ruby Heap-based buffer overflow vulnerability

Trust: 1.4

sources: CNNVD: CNNVD-201311-353 // JVNDB: JVNDB-2013-005257

DESCRIPTION

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

Ruby is prone to a heap-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the affected function. Failed exploit attempts will likely crash the application.

The following versions are vulnerable:

- Ruby 1.8
- Ruby 1.9 prior to 1.9.3-p484
- Ruby 2.0 prior to 2.0.0-p353
- Ruby 2.1 prior to 2.1.0 preview2

==========================================================================
Ubuntu Security Notice USN-2035-1
November 27, 2013

ruby1.8, ruby1.9.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Ruby. (CVE-2013-4164)

Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. (CVE-2013-2065)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10:
  libruby1.8 1.8.7.358-7ubuntu2.1
  libruby1.9.1 1.9.3.194-8.1ubuntu2.1
  ruby1.8 1.8.7.358-7ubuntu2.1
  ruby1.9.1 1.9.3.194-8.1ubuntu2.1

Ubuntu 13.04:
  libruby1.8 1.8.7.358-7ubuntu1.2
  libruby1.9.1 1.9.3.194-8.1ubuntu1.2
  ruby1.8 1.8.7.358-7ubuntu1.2
  ruby1.9.1 1.9.3.194-8.1ubuntu1.2

Ubuntu 12.10:
  libruby1.8 1.8.7.358-4ubuntu0.4
  libruby1.9.1 1.9.3.194-1ubuntu1.6
  ruby1.8 1.8.7.358-4ubuntu0.4
  ruby1.9.1 1.9.3.194-1ubuntu1.6

Ubuntu 12.04 LTS:
  libruby1.8 1.8.7.352-2ubuntu1.4
  libruby1.9.1 1.9.3.0-1ubuntu2.8
  ruby1.8 1.8.7.352-2ubuntu1.4
  ruby1.9.1 1.9.3.0-1ubuntu2.8

In general, a standard system update will make all the necessary changes.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
_______________________________________________________________________

Updated Packages: Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64, Mandriva Business Server 1/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: ruby security update
Advisory ID: RHSA-2013:1764-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1764.html
Issue date: 2013-11-25
CVE Names: CVE-2013-4164
=====================================================================

1. Summary:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. (CVE-2013-4164)

All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1033460 - CVE-2013-4164 ruby: heap overflow in floating point parsing

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ruby-1.8.7.352-13.el6.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-4164.html
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

Relevant releases/architectures:

Management Engine - noarch, x86_64

3. Description:

Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. (CVE-2013-4164)

It was found that Red Hat CloudForms Management Engine did not properly sanitize user-supplied values in the ServiceController. (CVE-2014-0057)

It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user as parameters to the affected helpers. (CVE-2014-0081)

A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected. (CVE-2014-0082)

Red Hat would like to thank the Ruby on Rails Project for reporting CVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as the original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the original reporter of CVE-2014-0082.

This update fixes several bugs and adds multiple enhancements. Documentation for these changes will be available shortly from the Red Hat CloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the References section

Trust: 2.43

sources: NVD: CVE-2013-4164 // JVNDB: JVNDB-2013-005257 // BID: 63873 // PACKETSTORM: 124704 // PACKETSTORM: 124207 // PACKETSTORM: 124189 // PACKETSTORM: 124176 // PACKETSTORM: 125651 // PACKETSTORM: 124177

AFFECTED PRODUCTS

vendor: ruby lang | model: ruby | scope: eq | version: 1.8 | Trust: 2.4
vendor: ruby lang | model: ruby | scope: eq | version: 1.9 | Trust: 1.6
vendor: ruby lang | model: ruby | scope: eq | version: 2.0.0 | Trust: 1.6
vendor: ruby lang | model: ruby | scope: eq | version: 1.9.2 | Trust: 1.6
vendor: ruby lang | model: ruby | scope: eq | version: 1.9.1 | Trust: 1.6
vendor: ruby lang | model: ruby | scope: eq | version: 2.1 | Trust: 1.6
vendor: ruby lang | model: ruby | scope: eq | version: 1.9.3 | Trust: 1.6
vendor: ruby lang | model: ruby | scope: lt | version: 2.0 | Trust: 0.8
vendor: ruby lang | model: ruby | scope: eq | version: 1.9.3-p484 | Trust: 0.8
vendor: apple | model: mac os x | scope: eq | version: v10.8.5 | Trust: 0.8
vendor: apple | model: macos server | scope: eq | version: 3.2.1 | Trust: 0.8
vendor: apple | model: macos server | scope: lt | version: (os x mavericks v10.9.5 or later ) | Trust: 0.8
vendor: ruby lang | model: ruby | scope: eq | version: 2.1.0 preview2 | Trust: 0.8
vendor: apple | model: macos server | scope: lt | version: (os x yosemite v10.10 or later ) | Trust: 0.8
vendor: apple | model: mac os x server | scope: eq | version: v10.7.5 | Trust: 0.8
vendor: apple | model: mac os x | scope: eq | version: v10.9.2 | Trust: 0.8
vendor: ruby lang | model: ruby | scope: lt | version: 2.1 | Trust: 0.8
vendor: ruby lang | model: ruby | scope: lt | version: 1.9 | Trust: 0.8
vendor: apple | model: macos server | scope: eq | version: 4.0 | Trust: 0.8
vendor: apple | model: mac os x | scope: eq | version: v10.7.5 | Trust: 0.8
vendor: ruby lang | model: ruby | scope: eq | version: 2.0.0-p353 | Trust: 0.8
vendor: yukihiro | model: matsumoto ruby dev | scope: eq | version: 1.9.3 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby rc2 | scope: eq | version: 1.9.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby p180 | scope: eq | version: 1.9.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby p136 | scope: eq | version: 1.9.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby p0 | scope: eq | version: 1.9.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -rc1 | scope: eq | version: 1.9.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby p431 | scope: eq | version: 1.9.1 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p429 | scope: eq | version: 1.9.1 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p376 | scope: eq | version: 1.9.1 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.9.1 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.9-2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.9-1 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.9 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p72 | scope: eq | version: 1.8.7 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p71 | scope: eq | version: 1.8.7 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p22 | scope: eq | version: 1.8.7 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p21 | scope: eq | version: 1.8.7 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8.7 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p287 | scope: eq | version: 1.8.6 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p286 | scope: eq | version: 1.8.6 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p230 | scope: eq | version: 1.8.6 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p229 | scope: eq | version: 1.8.6 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p114 | scope: eq | version: 1.8.6 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8.6 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p231 | scope: eq | version: 1.8.5 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p230 | scope: eq | version: 1.8.5 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p2 | scope: eq | version: 1.8.5 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby -p115 | scope: eq | version: 1.8.5 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8.5 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8.4 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8.3 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby pre4 | scope: eq | version: 1.8.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby pre3 | scope: eq | version: 1.8.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby pre2 | scope: eq | version: 1.8.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby pre1 | scope: eq | version: 1.8.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8.1 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.8 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 2.1.0-preview1 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 2.0.0-p247 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 2.0.0-p195 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 2.0 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.3-p448 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.3-p426 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.3-p392 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.3-p327 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.3-p0 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby pre3 | scope: eq | version: 1.9.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.1-p430 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.1-p378 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby | scope: eq | version: 1.9.0-3 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.8dev | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p374 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p357 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p352 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p334 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p330 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p302 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p299 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p249 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p248 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p173 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.7-p160 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.6-p420 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.6-p399 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.6-p388 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.6-p383 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.6-p369 | scope: - | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.8.6-p368 | scope: - | version: - | Trust: 0.3
vendor: ubuntu | model: linux | scope: eq | version: 13.10 | Trust: 0.3
vendor: ubuntu | model: linux | scope: eq | version: 13.04 | Trust: 0.3
vendor: ubuntu | model: linux | scope: eq | version: 12.10 | Trust: 0.3
vendor: ubuntu | model: linux | scope: eq | version: 12.04 | Trust: 0.3
vendor: suse | model: linux enterprise software development kit sp3 | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: linux enterprise server sp3 for vmware | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: linux enterprise server sp3 | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: linux enterprise server sp2 for vmware | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: linux enterprise server sp2 | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: linux enterprise desktop sp3 | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: linux enterprise desktop sp2 | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: studio onsite | scope: eq | version: 1.3 | Trust: 0.3
vendor: suse | model: linux enterprise software development kit sp2 | scope: eq | version: 11 | Trust: 0.3
vendor: suse | model: lifecycle management server | scope: eq | version: 1.3 | Trust: 0.3
vendor: slackware | model: linux | scope: eq | version: 14.1 | Trust: 0.3
vendor: slackware | model: linux | scope: eq | version: 14.0 | Trust: 0.3
vendor: slackware | model: linux | scope: eq | version: 13.37 | Trust: 0.3
vendor: slackware | model: linux | scope: eq | version: 13.1 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 13.1 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 12.3 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 12.2 | Trust: 0.3
vendor: redhat | model: software collections for rhel | scope: eq | version: 0 | Trust: 0.3
vendor: redhat | model: openstack | scope: eq | version: 3.0 | Trust: 0.3
vendor: redhat | model: enterprise linux workstation | scope: eq | version: 6 | Trust: 0.3
vendor: redhat | model: enterprise linux server eus 6.4.z | scope: - | version: - | Trust: 0.3
vendor: redhat | model: enterprise linux server eus 6.3.z | scope: - | version: - | Trust: 0.3
vendor: redhat | model: enterprise linux server eus 6.2.z | scope: - | version: - | Trust: 0.3
vendor: redhat | model: enterprise linux server aus | scope: eq | version: 6.4 | Trust: 0.3
vendor: redhat | model: enterprise linux server aus | scope: eq | version: 6.2 | Trust: 0.3
vendor: redhat | model: enterprise linux server | scope: eq | version: 6 | Trust: 0.3
vendor: redhat | model: enterprise linux hpc node | scope: eq | version: 6 | Trust: 0.3
vendor: redhat | model: enterprise linux high availability eus 6.4.z | scope: - | version: - | Trust: 0.3
vendor: redhat | model: enterprise linux desktop | scope: eq | version: 6 | Trust: 0.3
vendor: redhat | model: cloudforms | scope: eq | version: 3.0 | Trust: 0.3
vendor: puppetlabs | model: puppet enterprise | scope: eq | version: 3.1 | Trust: 0.3
vendor: puppetlabs | model: puppet enterprise | scope: eq | version: 2.8.3 | Trust: 0.3
vendor: puppetlabs | model: puppet enterprise | scope: eq | version: 2.8.2 | Trust: 0.3
vendor: puppetlabs | model: puppet enterprise | scope: eq | version: 2.8.0 | Trust: 0.3
vendor: oracle | model: solaris | scope: eq | version: 11.2 | Trust: 0.3
vendor: oracle | model: enterprise linux | scope: eq | version: 6.2 | Trust: 0.3
vendor: oracle | model: enterprise linux | scope: eq | version: 6 | Trust: 0.3
vendor: mandriva | model: business server | scope: eq | version: 1x8664 | Trust: 0.3
vendor: mandriva | model: business server | scope: eq | version: 1 | Trust: 0.3
vendor: mandrakesoft | model: enterprise server x86 64 | scope: eq | version: 5 | Trust: 0.3
vendor: mandrakesoft | model: enterprise server | scope: eq | version: 5 | Trust: 0.3
vendor: ibm | model: security network protection xgs | scope: eq | version: 51005.1.1 | Trust: 0.3
vendor: ibm | model: security network protection xgs | scope: eq | version: 51005.1 | Trust: 0.3
vendor: ibm | model: security network protection xgs | scope: eq | version: 5.1.2 | Trust: 0.3
vendor: gentoo | model: linux | scope: - | version: - | Trust: 0.3
vendor: debian | model: linux sparc | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux s/390 | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux powerpc | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux mips | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux ia-64 | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux ia-32 | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux arm | scope: eq | version: 6.0 | Trust: 0.3
vendor: debian | model: linux amd64 | scope: eq | version: 6.0 | Trust: 0.3
vendor: apple | model: os mavericks | scope: eq | version: x10.9.2 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.7.5 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.4.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.9 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.8 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.7 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.6 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.5 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.4 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.2 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3.1 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.2.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.1.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x3.0 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x2.0 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.7.3 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.8.5 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.7.5 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.9.2 | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 2.1.0-preview2 | scope: ne | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 2.0.0-p353 | scope: ne | version: - | Trust: 0.3
vendor: yukihiro | model: matsumoto ruby 1.9.3-p484 | scope: ne | version: - | Trust: 0.3
vendor: puppetlabs | model: puppet enterprise | scope: ne | version: 3.1.1 | Trust: 0.3
vendor: puppetlabs | model: puppet enterprise | scope: ne | version: 2.8.4 | Trust: 0.3
vendor: apple | model: os mavericks | scope: ne | version: x10.9.3 | Trust: 0.3
vendor: apple | model: mac os server | scope: ne | version: x3.1.2 | Trust: 0.3
vendor: apple | model: mac os server | scope: ne | version: x4.0 | Trust: 0.3

sources: BID: 63873 // CNNVD: CNNVD-201311-353 // JVNDB: JVNDB-2013-005257 // NVD: CVE-2013-4164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4164
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-4164
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-353
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-4164
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CNNVD: CNNVD-201311-353 // JVNDB: JVNDB-2013-005257 // NVD: CVE-2013-4164

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2013-005257 // NVD: CVE-2013-4164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-353

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201311-353

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005257

PATCH

title: HT6207 | url: http://support.apple.com/kb/HT6207 | Trust: 0.8
title: HT6248 | url: http://support.apple.com/kb/HT6248 | Trust: 0.8
title: HT6536 | url: http://support.apple.com/kb/HT6536 | Trust: 0.8
title: HT6207 | url: http://support.apple.com/kb/HT6207?viewlocale=ja_JP | Trust: 0.8
title: HT6248 | url: http://support.apple.com/kb/HT6248?viewlocale=ja_JP | Trust: 0.8
title: HT6536 | url: http://support.apple.com/kb/HT6536?viewlocale=ja_JP | Trust: 0.8
title: DSA-2810 | url: http://www.debian.org/security/2013/dsa-2810 | Trust: 0.8
title: openSUSE-SU-2013:1834 | url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html | Trust: 0.8
title: openSUSE-SU-2013:1835 | url: http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html | Trust: 0.8
title: Multiple vulnerabilities in Ruby | url: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ruby1 | Trust: 0.8
title: Bug 1033460 | url: https://bugzilla.redhat.com/show_bug.cgi?id=1033460 | Trust: 0.8
title: RHSA-2014:0215 | url: https://rhn.redhat.com/errata/RHSA-2014-0215.html | Trust: 0.8
title: RHSA-2013:1763 | url: http://rhn.redhat.com/errata/RHSA-2013-1763.html | Trust: 0.8
title: RHSA-2013:1764 | url: http://rhn.redhat.com/errata/RHSA-2013-1764.html | Trust: 0.8
title: RHSA-2013:1767 | url: http://rhn.redhat.com/errata/RHSA-2013-1767.html | Trust: 0.8
title: RHSA-2014:0011 | url: https://rhn.redhat.com/errata/RHSA-2014-0011.html | Trust: 0.8
title: Ruby 2.0.0-p353 is released | url: https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released | Trust: 0.8
title: Ruby 1.9.3-p484 is released | url: https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released | Trust: 0.8
title: Heap Overflow in Floating Point Parsing (CVE-2013-4164) | url: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164 | Trust: 0.8
title: CVE-2013-4164 Buffer Errors vulnerability in Ruby | url: https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors | Trust: 0.8
title: ruby-2.0.0-p353 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49037 | Trust: 0.6
title: ruby-2.1.0-preview2 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49041 | Trust: 0.6
title: ruby-1.9.3-p484 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49036 | Trust: 0.6
title: ruby-2.1.0-preview2 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49040 | Trust: 0.6
title: ruby-1.9.3-p484 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49034 | Trust: 0.6
title: ruby-2.0.0-p353 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49039 | Trust: 0.6
title: ruby-1.9.3-p484 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49032 | Trust: 0.6
title: ruby-2.0.0-p353 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49038 | Trust: 0.6
title: ruby-2.1.0-preview2 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49042 | Trust: 0.6

sources: CNNVD: CNNVD-201311-353 // JVNDB: JVNDB-2013-005257

EXTERNAL IDS

db: NVD | id: CVE-2013-4164

Trust: 3.3

db: OSVDB | id: 100113

Trust: 1.6

db: SECUNIA | id: 55787

Trust: 1.6

db: BID | id: 63873

Trust: 1.3

db: SECUNIA | id: 57376

Trust: 1.0

db: JVN | id: JVNVU95860341

Trust: 0.8

db: JVN | id: JVNVU97537282

Trust: 0.8

db: JVNDB | id: JVNDB-2013-005257

Trust: 0.8

db: CNNVD | id: CNNVD-201311-353

Trust: 0.6

db: PACKETSTORM | id: 124704

Trust: 0.1

db: PACKETSTORM | id: 124207

Trust: 0.1

db: PACKETSTORM | id: 124189

Trust: 0.1

db: PACKETSTORM | id: 124176

Trust: 0.1

db: PACKETSTORM | id: 125651

Trust: 0.1

db: PACKETSTORM | id: 124177

Trust: 0.1

sources: BID: 63873 // PACKETSTORM: 124704 // PACKETSTORM: 124207 // PACKETSTORM: 124189 // PACKETSTORM: 124176 // PACKETSTORM: 125651 // PACKETSTORM: 124177 // CNNVD: CNNVD-201311-353 // JVNDB: JVNDB-2013-005257 // NVD: CVE-2013-4164

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

Trust: 1.8

url:http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Trust: 1.8

url:https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released

Trust: 1.6

url:https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released

Trust: 1.6

url:https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164

Trust: 1.6

url:http://secunia.com/advisories/55787

Trust: 1.6

url:http://osvdb.org/100113

Trust: 1.6

url:http://rhn.redhat.com/errata/rhsa-2014-0011.html

Trust: 1.4

url:http://rhn.redhat.com/errata/rhsa-2013-1763.html

Trust: 1.4

url:http://rhn.redhat.com/errata/rhsa-2014-0215.html

Trust: 1.4

url:http://rhn.redhat.com/errata/rhsa-2013-1764.html

Trust: 1.4

url:https://support.apple.com/kb/ht6536

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2013-1767.html

Trust: 1.3

url:http://www.ubuntu.com/usn/usn-2035-1

Trust: 1.1

url:http://secunia.com/advisories/57376

Trust: 1.0

url:http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html

Trust: 1.0

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html

Trust: 1.0

url:http://www.debian.org/security/2013/dsa-2809

Trust: 1.0

url:https://puppet.com/security/cve/cve-2013-4164

Trust: 1.0

url:http://www.debian.org/security/2013/dsa-2810

Trust: 1.0

url:http://www.securityfocus.com/bid/63873

Trust: 1.0

url:http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4164

Trust: 0.9

url:http://jvn.jp/vu/jvnvu95860341/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97537282/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4164

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-4164

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/team/key/#package

Trust: 0.4

url:https://access.redhat.com/site/articles/11258

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-4164.html

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:http://seclists.org/bugtraq/2014/apr/133

Trust: 0.3

url:http://puppetlabs.com/security/cve/cve-2013-4164

Trust: 0.3

url:http://www.ruby-lang.org

Trust: 0.3

url:http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2013&m=slackware-security.484609

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors

Trust: 0.3

url:https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21665279

Trust: 0.3

url:https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.4

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2065

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu2.1

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:https://access.redhat.com/site/documentation/en-us/cloudforms/3.0/html/management_engine_5.2_technical_notes/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0082

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0081.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0081

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0057.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0082.html

Trust: 0.1

sources: BID: 63873 // PACKETSTORM: 124704 // PACKETSTORM: 124207 // PACKETSTORM: 124189 // PACKETSTORM: 124176 // PACKETSTORM: 125651 // PACKETSTORM: 124177 // CNNVD: CNNVD-201311-353 // JVNDB: JVNDB-2013-005257 // NVD: CVE-2013-4164

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 124704 // PACKETSTORM: 124176 // PACKETSTORM: 125651 // PACKETSTORM: 124177

SOURCES

db: BID | id: 63873
db: PACKETSTORM | id: 124704
db: PACKETSTORM | id: 124207
db: PACKETSTORM | id: 124189
db: PACKETSTORM | id: 124176
db: PACKETSTORM | id: 125651
db: PACKETSTORM | id: 124177
db: CNNVD | id: CNNVD-201311-353
db: JVNDB | id: JVNDB-2013-005257
db: NVD | id: CVE-2013-4164

LAST UPDATE DATE

2025-09-12T20:16:32.017000+00:00


SOURCES UPDATE DATE

db: BID | id: 63873 | date: 2015-04-13T21:19:00
db: CNNVD | id: CNNVD-201311-353 | date: 2013-11-29T00:00:00
db: JVNDB | id: JVNDB-2013-005257 | date: 2015-08-10T00:00:00
db: NVD | id: CVE-2013-4164 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: BID | id: 63873 | date: 2013-11-22T00:00:00
db: PACKETSTORM | id: 124704 | date: 2014-01-08T00:11:54
db: PACKETSTORM | id: 124207 | date: 2013-11-27T23:33:00
db: PACKETSTORM | id: 124189 | date: 2013-11-26T15:55:00
db: PACKETSTORM | id: 124176 | date: 2013-11-26T01:47:59
db: PACKETSTORM | id: 125651 | date: 2014-03-11T21:31:51
db: PACKETSTORM | id: 124177 | date: 2013-11-26T01:48:08
db: CNNVD | id: CNNVD-201311-353 | date: 2013-11-29T00:00:00
db: JVNDB | id: JVNDB-2013-005257 | date: 2013-11-27T00:00:00
db: NVD | id: CVE-2013-4164 | date: 2013-11-23T19:55:03.517