Top
Welcome

The Ruby on Rails Security Project wants to make Rails (applications) more secure. Heiko Webers of bauland42 writes blog posts about Rails and security related topics and carries out security audits for your web applications. We have a free book for you, too. Contact Heiko at 42 -the AT sign- bauland42.de.

Search

Feeds / Syndication
Most Popular
« Two vulnerabilities fixed in Rails 2.3.4 | Main | Vulnerability in Rails 2.3 HTTP Authentication »
Wednesday
10Jun2009

DoS vulnerability in BigDecimal

DateWednesday, June 10, 2009 at 9:40AM

A Denial of Service (DoS) vulnerability was found in the BigDecimal standard Ruby library. An attacker could cause a segmentation fault and crash the Ruby interpreter. This is due to the BigDecimal method mishandling certain large values. Almost every Rails application is vulnerable to this because ActiveRecord relies on this method.

You are advised to update your Ruby installation. There is a temporary fix on Github. This fix breaks valid formats supported by BigDecimal, so you are advised to plan migrating to a new Ruby version.

AuthorHeiko | CommentPost a Comment |

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>