Overview

CVE-2013-4164 (Heap overflow in floating point parsing in Ruby)

  • Posted December 26, 2013

  • Assessed Risk Level: Medium

Converting strings of unknown origin to floating point values can cause a heap overflow, which attackers can use to mount denial-of-service attacks.

Status

  • Affected Versions: Puppet Enterprise 2.x, 3.x
  • Resolved in Puppet Enterprise 2.8.4 and 3.1.1