module
Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
Disclosed | Created |
---|---|
2013-11-22 | 2018-05-30 |
Disclosed
2013-11-22
Created
2018-05-30
Description
When Ruby attempts to convert a string representation of a large floating point
decimal number to its floating point equivalent, a heap-based buffer overflow
can be triggered. This module has been tested successfully on a Ruby on Rails application
using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application
crashes with a segfault error. Other versions of Ruby are reported to be affected.
decimal number to its floating point equivalent, a heap-based buffer overflow
can be triggered. This module has been tested successfully on a Ruby on Rails application
using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application
crashes with a segfault error. Other versions of Ruby are reported to be affected.
Authors
Charlie Somerville
joev joev@metasploit.com
todb todb@metasploit.com
joev joev@metasploit.com
todb todb@metasploit.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.