[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-4975Date: (C)2014-12-09   (M)2024-02-22


Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-68474
DSA-3157
MDVSA-2015:129
RHSA-2014:1912
RHSA-2014:1913
RHSA-2014:1914
USN-2397-1
http://www.openwall.com/lists/oss-security/2014/07/09/13
http://advisories.mageia.org/MGASA-2014-0472.html
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugs.ruby-lang.org/issues/10019
https://bugzilla.redhat.com/show_bug.cgi?id=1118158
ruby-cve20144975-bo(94706)

CPE    22
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/a:ruby-lang:ruby:2.1:preview1
cpe:/a:ruby-lang:ruby:2.0.0
cpe:/a:ruby-lang:ruby:2.0.0:rc2
...
CWE    1
CWE-119
OVAL    9
oval:org.secpod.oval:def:21814
oval:org.secpod.oval:def:203500
oval:org.secpod.oval:def:501469
oval:org.secpod.oval:def:601950
...

© SecPod Technologies