// For flags

CVE-2008-3443

Ruby 1.9 - regex engine Remote Socket Memory Leak

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

El motor de expresiones regulares (regex.c) en Ruby 1.8.5 y anteriores, 1.8.6 a través de p286-1.8.6, 1.8.7 a través de 1.8.7-p71, y 1.9 a través de r18423 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y caida) a través de múltiples peticiones largas a un socket de Ruby. Esta denegación de servicio esta relacionada con un fallo en la asignación de memoria, como se ha demostrado contra Webrick.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-08-01 CVE Reserved
  • 2008-08-14 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (28)
URL Tag Source
http://secunia.com/advisories/31430 Third Party Advisory
http://secunia.com/advisories/32165 Third Party Advisory
http://secunia.com/advisories/32219 Third Party Advisory
http://secunia.com/advisories/32371 Third Party Advisory
http://secunia.com/advisories/32372 Third Party Advisory
http://secunia.com/advisories/33185 Third Party Advisory
http://secunia.com/advisories/33398 Third Party Advisory
http://secunia.com/advisories/35074 Third Party Advisory
http://securityreason.com/securityalert/4158 Third Party Advisory
http://support.apple.com/kb/HT3549 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm X_refsource_confirm
http://www.securityfocus.com/bid/30682 Vdb Entry
http://www.securitytracker.com/id?1021075 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory
http://www.vupen.com/english/advisories/2009/1297 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44688 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570 Signature
URL Date SRC
https://www.exploit-db.com/exploits/6239 2024-08-07
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html 2018-10-03
http://www.debian.org/security/2009/dsa-1695 2018-10-03
http://www.redhat.com/support/errata/RHSA-2008-0895.html 2018-10-03
http://www.redhat.com/support/errata/RHSA-2008-0897.html 2018-10-03
https://usn.ubuntu.com/651-1 2018-10-03
https://usn.ubuntu.com/691-1 2018-10-03
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html 2018-10-03
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html 2018-10-03
https://access.redhat.com/security/cve/CVE-2008-3443 2008-10-21
https://bugzilla.redhat.com/show_bug.cgi?id=459266 2008-10-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.6.8
Search vendor "Ruby-lang" for product "Ruby" and version "1.6.8"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.0
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.1"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.1
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.1"
-9
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.2
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.2
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2"
preview2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.2
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2"
preview3
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.2
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2"
preview4
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3"
preview1
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3"
preview2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.3
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3"
preview3
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.4
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.4
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4"
preview1
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.4
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4"
preview2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.4
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4"
preview3
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p11
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p113
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p114
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p115
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p12
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p231
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p35
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
p52
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
preview1
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
preview2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
preview3
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
preview4
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.5
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5"
preview5
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
p110
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
p111
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
p114
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
p230
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
p286
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
p36
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
preview1
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
preview2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.6
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"
preview3
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
p17
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
p22
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
p71
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
preview1
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
preview2
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
preview3
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.8.7
Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"
preview4
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.9.0
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.0"
-
Affected
Ruby-lang
Search vendor "Ruby-lang"
 Ruby
Search vendor "Ruby-lang" for product "Ruby"
 1.9.0
Search vendor "Ruby-lang" for product "Ruby" and version "1.9.0"
r18423
Affected