ruby-lang Ruby 1.8.7-p249

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:1.8.7:p249:*:*:*:*:*:*

part: a version: 1.8.7 update: p249

VendorRuby Lang (5813a634-c286-5f1d-90d5-a1a352f78d39)
ProductRuby (48f7c14c-c576-5b15-be87-22eeb9add91e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/ruby/ruby purl2cpe 2026-06-01 10:11:45.541290
pkg:ruby-lang/ruby purl2cpe 2026-06-01 10:11:45.541291

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-4073 vulnerable 2026-06-03 14:33:09.460882 Details available
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Published: 2013-08-18T01:00:00.000Z
Updated: 2024-08-06T16:30:49.912Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-4466 vulnerable 2026-06-03 14:32:19.078968 Details available
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
Published: 2013-04-25T23:00:00.000Z
Updated: 2024-08-06T20:35:09.685Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.