Showing 1 - 1 of 1

CVE-2013-1800

Status Candidate

Overview

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

Related Files

Gentoo Linux Security Advisory 201404-04: Posted Apr 7, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201404-4 - A vulnerability in Crack might allow remote attackers to execute arbitrary code. Versions less than 0.3.2 are affected.; tags | advisory, remote, arbitrary; systems | linux, gentoo; advisories | CVE-2013-1800; SHA-256 | 787bea35901f30a270ecc027971222399b9ca460eb3dc5673b85b2518f5fce06; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2013-1800

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems