oss-sec mailing list archives

Re: libjson-ruby: catastrophic backtracking


From: Josh Bressers <bressers () redhat com>
Date: Wed, 11 Nov 2009 20:07:29 -0500 (EST)


----- "Michael Gilbert" <michael.s.gilbert () gmail com> wrote:

> hi all,
>
> should a cve id be issued for the following "catastrophic
> backtracking" issue in libjson-ruby?
>
> http://rubyforge.org/frs/shownotes.php?release_id=36363
> http://bugs.debian.org/555516 (note two separate issues fixed there)


Can someone elaborate on what "catastrophic backtracking" means? Is this a DoS?

Thanks.

-- 
    JB

