= Algorithmic complexity vulnerability in RubyGems 2.0.7 and older

RubyGems validates versions with a regular expression that is vulnerable to
denial of service through backtracking. Using specially crafted gem versions,
attackers can cause a denial of service through CPU consumption.

RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.

Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded

It does not appear to be possible to exploit this vulnerability by installing a
gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of the RubyGems API include
packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask),
sending user input to Gem::Version.new or Gem::Version.correct?, or use of the
Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN

Notably, users of bundler that install gems from git are vulnerable if a
malicious author changes the gemspec to an invalid version.

The vulnerability can be fixed by changing the first grouping to an atomic
grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For

- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
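Review bot: the atomic group only removes backtracking inside the first repetition; the optional pre-release group `(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?` keeps its ordinary nested quantifiers, and the advisory lists Gem::Version::ANCHORED_VERSION_PATTERN as a vulnerable entry point, so this hunk should be paired with a check of how that constant interpolates VERSION_PATTERN. If it wraps the whole constant in its own repetition, the atomic group here does not stop a digit run being re-split between `[0-9]+` and a further outer iteration, and the fix would be incomplete. A regression test that times Gem::Version.correct? on a long invalid version string would make either outcome visible.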

- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc:
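Review bot: the hunk carries no test for the 1.8.x form of the constant. The overlap that the atomic group addresses is visible in the pattern itself: `[0-9a-zA-Z]+` inside the group admits digits, so without `(?>...)` the engine can hand digits back from the group and retry them elsewhere; the fix should be pinned by a regression test asserting that Gem::Version.correct? returns promptly on a long invalid version string, so that a later refactor of VERSION_PATTERN cannot silently drop the `?>`.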

This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com>
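An added example in Ruby (not RubyGems' own code) that takes the two 1.8.x patterns quoted above, checks that the atomic group leaves the set of accepted version strings unchanged, and wraps validation of untrusted input in a length cap and a time budget; the anchoring, the SAMPLES table, MAX_LEN and the 0.5 s budget are assumptions of this example.

```ruby
require 'timeout'
# The two patterns exactly as they appear in the advisory's 1.8.x hunk.
VULNERABLE_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*'
FIXED_PATTERN      = '[0-9]+(?>\.[0-9a-zA-Z]+)*'

# Anchoring is an assumption of this example; the advisory does not reproduce
# RubyGems' real ANCHORED_VERSION_PATTERN.
def anchored(pattern)
  /\A\s*(#{pattern})\s*\z/
end

# A version string is well-formed iff the whole string matches the pattern.
def well_formed?(version, pattern)
  !!(version =~ anchored(pattern))
end

# Constructed inputs the fix must keep accepting (true) or rejecting (false).
SAMPLES = {
  '1'          => true,
  '2.0.7'      => true,
  '2.1.0.rc.1' => true,
  '1.0.0.pre1' => true,
  ' 3.2 '      => true,  # surrounding whitespace is tolerated by the anchor
  ''           => false,
  '1.'         => false,
  '1..2'       => false,
  '.1'         => false,
  '1.0-beta'   => false, # no hyphen in the 1.8.x pattern
  '1.0!'       => false,
}

# Sample strings on which the two patterns disagree; an empty array shows the
# atomic group changed the matching strategy but not the accepted language.
def disagreements
  SAMPLES.keys.reject do |v|
    well_formed?(v, VULNERABLE_PATTERN) == well_formed?(v, FIXED_PATTERN)
  end
end

# Defence in depth for untrusted input: refuse oversized strings before any
# regex runs and bound how long the match may take. MAX_LEN and the 0.5 s
# budget are hypothetical values for this example (Ruby 3.2+ also has Regexp.timeout=).
MAX_LEN = 256
def safe_version?(input, pattern = FIXED_PATTERN, budget = 0.5)
  return false unless input.is_a?(String) && input.bytesize <= MAX_LEN
  Timeout.timeout(budget) { well_formed?(input, pattern) }
rescue Timeout::Error
  false # a match that exhausts its budget is a rejection, not a crash
end
```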