{"id":"MGASA-2013-0297","summary":"Updated ruby-RubyGems package fixes security vulnerabilities","details":"Updated ruby-RubyGems package fixes security vulnerability:\n\nRubyGems validates versions with a regular expression that is vulnerable to\ndenial of service due to a backtracking regular expression.  With specially\ncrafted RubyGems version strings, attackers can cause denial of service through CPU\nconsumption (CVE-2013-4287, CVE-2013-4363).\n","modified":"2026-02-04T04:15:10.103087Z","published":"2013-10-09T22:29:35Z","related":["CVE-2013-4287","CVE-2013-4363"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0297.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11276"},{"type":"REPORT","url":"http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"},{"type":"REPORT","url":"http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115886.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4287"}],"affected":[{"package":{"name":"ruby-RubyGems","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/ruby-RubyGems?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.27-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0297.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}