FreeBSD : ruby -- Heap Overflow in Floating Point Parsing (cc9043cf-7f7a-426e-b2cc-8d1980618113)
Severity: Medium
Nessus Plugin ID: 71072
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Ruby developers report:
Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) is vulnerable.
Solution
Update the affected packages.