module
Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
Disclosed | Created |
---|---|
Nov 22, 2013 | May 30, 2018 |
Disclosed
Nov 22, 2013
Created
May 30, 2018
Description
When Ruby attempts to convert a string representation of a large floating point
decimal number to its floating point equivalent, a heap-based buffer overflow
can be triggered. This module has been tested successfully on a Ruby on Rails application
using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application
crashes with a segfault error. Other versions of Ruby are reported to be affected.
decimal number to its floating point equivalent, a heap-based buffer overflow
can be triggered. This module has been tested successfully on a Ruby on Rails application
using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application
crashes with a segfault error. Other versions of Ruby are reported to be affected.
Authors
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.