PT-2014-4891 · Ruby+2

Emboss · Published 2014-04-24 · Updated 2025-09-29 · CVE-2014-2734

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Ruby versions 2.x

Description

The issue concerns the openssl extension in Ruby, which does not properly maintain the state of process memory after a file is reopened. This allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. The issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration contains errors and redundant or unnecessarily complex code.

Recommendations

For Ruby 2.x, there is currently no information about a newer version that contains a fix for this issue.

Related Identifiers

ALSA-2025_16880
ALT-PU-2016-2061
CVE-2014-2734

Affected Products

Alt Linux
OpenSSL
Ruby