Launchpad.net

CVE 2013-1812

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.

Related bugs and status

CVE-2013-1812 (Candidate) is related to these bugs:

Bug #1190179: XML denial of service vulnerability

Summary				In	Importance	Status
	1190179	XML denial of service vulnerability		ruby-openid (Ubuntu)	Undecided	Fix Released
	1190179	XML denial of service vulnerability		ruby-openid (Ubuntu Quantal)	Undecided	Fix Released

Bug #1190491: XML denial of service vulnerability

		In	Importance	Status
1190491	XML denial of service vulnerability	libopenid-ruby (Ubuntu)	Undecided	Invalid
1190491	XML denial of service vulnerability	ruby-openid (Ubuntu)	Undecided	Fix Released
1190491	XML denial of service vulnerability	libopenid-ruby (Ubuntu Lucid)	Medium	Fix Released
1190491	XML denial of service vulnerability	ruby-openid (Ubuntu Lucid)	Undecided	Invalid
1190491	XML denial of service vulnerability	libopenid-ruby (Ubuntu Precise)	Medium	Fix Released
1190491	XML denial of service vulnerability	ruby-openid (Ubuntu Precise)	Undecided	Invalid
1190491	XML denial of service vulnerability	libopenid-ruby (Ubuntu Saucy)	Undecided	Invalid
1190491	XML denial of service vulnerability	ruby-openid (Ubuntu Saucy)	Undecided	Fix Released
1190491	XML denial of service vulnerability	libopenid-ruby (Ubuntu Quantal)	Undecided	Invalid
1190491	XML denial of service vulnerability	ruby-openid (Ubuntu Quantal)	Medium	Fix Released
1190491	XML denial of service vulnerability	libopenid-ruby (Ubuntu Raring)	Undecided	Invalid
1190491	XML denial of service vulnerability	ruby-openid (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-1812

Related bugs and status

Related bugs

References