CVE-2013-1812

Name: CVE-2013-1812
Description: The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 702217

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ruby-openid (PTS) | buster, stretch | 2.7.0debian-1 | fixed |
| ruby-openid (PTS) | bullseye, sid | 2.9.2debian-1 | fixed |

The information below is based on the following data on fixed versions.

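| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libopenid-ruby | source | squeeze | 2.1.8debian-1+squeeze1 | | | |
| libopenid-ruby | source | (unstable) | (unfixed) | | | 702217 |
| ruby-openid | source | (unstable) | 2.1.8debian-6 | | | 702217 |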
