CVEs-PoC/2008/CVE-2008-3443.md

### [CVE-2008-3443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.

### POC

#### Reference
- http://securityreason.com/securityalert/4158
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570
- https://www.exploit-db.com/exploits/6239

#### Github
No PoCs found on GitHub currently.