Gentoo Logo

Ruby: Denial of Service issue


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200411-23 / Ruby
Release Date November 16, 2004
Latest Revision November 16, 2004: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
dev-lang/ruby < 1.8.2_pre3 revision >= 1.6.8-r12, >= 1.8.2_pre3 All supported architectures

Related bugreports: #69985


The CGI module in Ruby can be sent into an infinite loop, resulting in a Denial of Service condition.

2.  Impact Information


Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby's CGI module can be used to build web applications.


Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop.


A remote attacker could trigger the vulnerability through an exposed Ruby web application and cause the server to use unnecessary CPU resources, potentially resulting in a Denial of Service.

3.  Resolution Information


There is no known workaround at this time.


All Ruby 1.6.x users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.6.8-r12"

All Ruby 1.8.x users should upgrade to the latest version:

Code Listing 3.2: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.2_pre3"

4.  References


Page updated November 16, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.