FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: cc9043cf-7f7a-426e-b2cc-8d1980618113
Description: ruby -- Heap Overflow in Floating Point Parsing

Ruby developers report:

Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) is vulnerable.


Discovery 2013-11-22
Entry 2013-11-23
ruby19 < 1.9.3.484,1
ruby20 < 2.0.0.353,1

https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released/
CVE-2013-4164
VuXML ID: 79789daa-8af8-4e21-a47f-e8a645752bdb
Description: ruby -- Object taint bypassing in DL and Fiddle in Ruby

Ruby Developers report:

There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby.

Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised.


Discovery 2013-05-14
Entry 2013-05-26
ruby19 < 1.9.3.429,1

CVE-2013-2065
http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
VuXML ID: ebd877b9-7ef4-4375-b1fd-c67780581898
Description: ruby -- Hostname check bypassing vulnerability in SSL client

Ruby Developers report:

Ruby's SSL client implements a hostname identity check, but it does not properly handle hostnames in the certificate that contain null bytes.


Discovery 2013-06-27
Entry 2013-07-11
Modified 2013-09-24
ruby19 < 1.9.3.448,1
ruby18 < 1.8.7.374,1

CVE-2013-4073
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/