---
layout: page
title: June 2009 Archives
---

DoS vulnerability in BigDecimal

A denial of service (DoS) vulnerability was found in the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem that enables attackers to effectively cause segmentation faults.

ActiveRecord relies on this method, so most Rails applications are affected, though this is not a Rails-specific issue.


Posted by Urabe Shyouhei on 09 Jun 2009
