Launchpad CVE tracker

CVE 2009-1904

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Related bugs and status

CVE-2009-1904 (Candidate) is related to these bugs:

Bug #385436: DoS vulnerability in BigDecimal Ruby Library

Summary				In	Importance	Status
	385436	DoS vulnerability in BigDecimal Ruby Library		ruby1.8 (Ubuntu)	Medium	Fix Released
	385436	DoS vulnerability in BigDecimal Ruby Library		ruby1.8 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [pkgsrc-changes] 20090...
MLIST: [rubyonrails-security]...
CONFIRM: http://bugs.debian.org...
CONFIRM: http://bugs.gentoo.org...
CONFIRM: http://github.com/NZKo...
CONFIRM: http://redmine.ruby-la...
CONFIRM: http://weblog.rubyonra...
CONFIRM: http://www.ruby-forum....
CONFIRM: http://www.ruby-lang.o...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://bugs.launchpad...
BID: 35278
SECUNIA: 35399
VUPEN: ADV-2009-1563
OSVDB: 55031
SECUNIA: 35527
REDHAT: RHSA-2009:1140
SECTRACK: 1022371
GENTOO: GLSA-200906-02
SECUNIA: 35699
SECUNIA: 35593
MANDRIVA: MDVSA-2009:160
UBUNTU: USN-805-1
SECUNIA: 35937
FEDORA: FEDORA-2009-13066
SECUNIA: 37705
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2010-03-29-1
SLACKWARE: SSA:2009-170-02
XF: ruby-bigdecimal-dos(51...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2009-1904

Related bugs and status

Related bugs

References