FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 18:35:25 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
cc9043cf-7f7a-426e-b2cc-8d1980618113    ruby -- Heap Overflow in Floating Point Parsing

Ruby developers report:

Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) is vulnerable.


Discovery 2013-11-22
Entry 2013-11-23
ruby19 < 1.9.3.484,1
ruby20 < 2.0.0.353,1

https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/
https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released/
CVE-2013-4164
ebd877b9-7ef4-4375-b1fd-c67780581898    ruby -- Hostname check bypassing vulnerability in SSL client

Ruby Developers report:

Ruby's SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes.


Discovery 2013-06-27
Entry 2013-07-11
Modified 2013-09-24
ruby19 < 1.9.3.448,1
ruby18 < 1.8.7.374,1

CVE-2013-4073
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/