FreeBSD : ruby-gems -- Algorithmic Complexity Vulnerability (742eb9e4-e3cb-4f5a-b94e-0e9a39420600)
Medium Nessus Plugin ID 71071
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Ruby Gem developers report:
The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363.
RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption.
Solution
Update the affected packages.
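
For code that checks gem version strings itself, the backtracking problem described above can be avoided by scanning the input once instead of matching one combined pattern. The following is an added example, not RubyGems code or part of the advisory; the version grammar, the length limit and the name valid_gem_version? are assumptions made for illustration.

```ruby
require 'strscan'

# Assumed, simplified grammar (not taken from the advisory or RubyGems source):
#   version := digits ( "." alnum+ )*   with optional surrounding whitespace
MAX_VERSION_LENGTH = 256 # constructed limit; choose one that fits your data

# Returns true only for strings that match the assumed grammar.
# Work is bounded twice: by the length cap, and by a scanner that
# consumes each segment once and never revisits earlier input.
def valid_gem_version?(input)
  return false unless input.is_a?(String)
  return false unless input.valid_encoding?
  return false if input.bytesize > MAX_VERSION_LENGTH

  scanner = StringScanner.new(input)
  scanner.skip(/\s*/)                        # optional leading whitespace
  return false unless scanner.skip(/[0-9]+/) # first segment must be numeric

  # Each pattern below has a single quantifier and no nesting, so a failed
  # match cannot trigger a search over alternative ways to split the input.
  nil while scanner.skip(/\.[0-9a-zA-Z]+/)

  scanner.skip(/\s*/)                        # optional trailing whitespace
  scanner.eos?                               # anything left over is invalid
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs
  ['1.2.3', ' 2.0.0.pre1 ', '1..2', '1.2.', '1.' + '1' * 1000].each do |v|
    shown = v.length > 20 ? "#{v[0, 20]}..." : v
    puts format('%-26s %s', shown.inspect, valid_gem_version?(v))
  end
end
```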