FreeBSD : ruby -- BigDecimal denial of service vulnerability (62e0fbe5-5798-11de-bb78-001cc0377035)
Medium Nessus Plugin ID 39375
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The official Ruby site reports:
A denial of service (DoS) vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults.
An attacker can cause a denial of service by causing BigDecimal to parse an insanely large number, such as :
Solution
Update the affected packages.