CVE-2013-1821
EPSS 25.7%
ruby1.9.1 - several
Published: 5/17/2022
Modified: 3/9/2026
Description
When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects, which can consume all of the memory on a machine and cause a denial of service. JRuby resolves this bug in version 1.7.3, as noted in https://www.jruby.org/2013/02/21/jruby-1-7-3.html
Affected packages (3)
- Debian/ruby1.8 from 0, < 1.8.7.302-2squeeze2
- Debian/ruby1.9.1 from 0, < 1.9.2.0-2+deb6u1
- Maven/org.jruby:jruby from 0, < 1.7.3
References (19)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-1821
- PATCH https://github.com/jruby/jruby
- WEB http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
- WEB http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
- WEB http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
- WEB http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
- WEB http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
- WEB http://rhn.redhat.com/errata/RHSA-2013-1147.html
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=914716
- WEB http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=39384
- WEB https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0092
- WEB https://www.jruby.org/2013/02/21/jruby-1-7-3.html
- WEB http://www.debian.org/security/2013/dsa-2738
- WEB http://www.debian.org/security/2013/dsa-2809
- WEB http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
- WEB http://www.openwall.com/lists/oss-security/2013/03/06/5
- WEB http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22
- WEB http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
- WEB http://www.ubuntu.com/usn/USN-1780-1