CVE 2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Related bugs and status
CVE-2013-1812 (Candidate) is related to these bugs:
Bug #1190179: XML denial of service vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1190179 | XML denial of service vulnerability | ruby-openid (Ubuntu) | Undecided | Fix Released
1190179 | XML denial of service vulnerability | ruby-openid (Ubuntu Quantal) | Undecided | Fix Released
Bug #1190491: XML denial of service vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1190491 | XML denial of service vulnerability | libopenid-ruby (Ubuntu) | Undecided | Invalid
1190491 | XML denial of service vulnerability | ruby-openid (Ubuntu) | Undecided | Fix Released
1190491 | XML denial of service vulnerability | libopenid-ruby (Ubuntu Lucid) | Medium | Fix Released
1190491 | XML denial of service vulnerability | ruby-openid (Ubuntu Lucid) | Undecided | Invalid
1190491 | XML denial of service vulnerability | libopenid-ruby (Ubuntu Precise) | Medium | Fix Released
1190491 | XML denial of service vulnerability | ruby-openid (Ubuntu Precise) | Undecided | Invalid
1190491 | XML denial of service vulnerability | libopenid-ruby (Ubuntu Saucy) | Undecided | Invalid
1190491 | XML denial of service vulnerability | ruby-openid (Ubuntu Saucy) | Undecided | Fix Released
1190491 | XML denial of service vulnerability | libopenid-ruby (Ubuntu Quantal) | Undecided | Invalid
1190491 | XML denial of service vulnerability | ruby-openid (Ubuntu Quantal) | Medium | Fix Released
1190491 | XML denial of service vulnerability | libopenid-ruby (Ubuntu Raring) | Undecided | Invalid
1190491 | XML denial of service vulnerability | ruby-openid (Ubuntu Raring) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.