DSA-3157-1 ruby1.9.1 -- ruby1.9.1ID: oval:org.secpod.oval:def:601950 | Date: (C)2015-02-13 (M)2024-02-19 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service or arbitrary code execution. CVE-2014-8080, CVE-2014-8090 The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service .