FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: cc9043cf-7f7a-426e-b2cc-8d1980618113
Description: ruby -- Heap Overflow in Floating Point Parsing

Ruby developers report:

Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) is vulnerable.


Discovery: 2013-11-22
Entry: 2013-11-23

ruby19 < 1.9.3.484,1
ruby20 < 2.0.0.353,1

https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released/
CVE-2013-4164