2

I've recently heard about CVE-2013-4287, which can cause denial of service due to CPU consumption.

But earlier this year, I attended Hacking with Gems which showed all kinds of weird and wonderful things a hacker could do with a malicious gem.

If a malicious author could easily make a variety of exploits, why would they bother just with creating excessive CPU consumption?

Andrew Grimm
  • 2,100
  • 2
  • 20
  • 27

1 Answers1

2

You'd have to ask them, but most likely it's because the simplest and quickest way to demonstrate that the bug was somehow exploitable was the excessive CPU thing. Gets the point across without much work for the programmer.

tylerl
  • 82,225
  • 25
  • 148
  • 226