CVE-2013-4363: Cryptographic Issues

October 17, 2013 (updated December 9, 2017)

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.

References

blog.rubygems.org/2013/09/24/CVE-2013-4363.html
www.openwall.com/lists/oss-security/2013/09/14/3
www.openwall.com/lists/oss-security/2013/09/18/8
www.openwall.com/lists/oss-security/2013/09/20/1
nvd.nist.gov/vuln/detail/CVE-2013-4363
puppet.com/security/cve/cve-2013-4363

Code Behaviors & Features

Detect and mitigate CVE-2013-4363 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →