CVE-2013-4164

Publication date 22 November 2013

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.

Status

Package Ubuntu Release Status
ruby1.8 14.04 LTS trusty Not in release
13.10 saucy
Fixed 1.8.7.358-7ubuntu2.1
13.04 raring
Fixed 1.8.7.358-7ubuntu1.2
12.10 quantal
Fixed 1.8.7.358-4ubuntu0.4
12.04 LTS precise
Fixed 1.8.7.352-2ubuntu1.4
10.04 LTS lucid Ignored end of life
ruby1.9 14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
ruby1.9.1 14.04 LTS trusty
Fixed 1.9.3.448-1ubuntu2
13.10 saucy
Fixed 1.9.3.194-8.1ubuntu2.1
13.04 raring
Fixed 1.9.3.194-8.1ubuntu1.2
12.10 quantal
Fixed 1.9.3.194-1ubuntu1.6
12.04 LTS precise
Fixed 1.9.3.0-1ubuntu2.8
10.04 LTS lucid Ignored end of life
ruby2.0 14.04 LTS trusty
Fixed 2.0.0.343-1ubuntu1
13.10 saucy Ignored end of life
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release