PT-2014-6238 · Ruby+5

Published: 2014-07-17 · Updated: 2017-08-29 · CVE-2014-4975

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ruby versions 1.9.3 and earlier
Ruby versions 2.x through 2.1.2

Description

The issue is an off-by-one error in the encodes function in pack.c. It can be triggered when certain format string specifiers are used, and it allows attackers to cause a denial of service (a segmentation fault) via vectors that trigger a stack-based buffer overflow.

Recommendations

For Ruby versions 1.9.3 and earlier, update to a version later than 1.9.3 to resolve the issue.
For Ruby versions 2.x through 2.1.2, update to a version later than 2.1.2 to resolve the issue.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2016-2061
CESA-2014_1912
CVE-2014-4975
DLA-200-1
DSA-3157-1
MGASA-2014-0472
OPENSUSE-SU-2017_1128-1
RHSA-2014:1912
RHSA-2014:1913
RHSA-2014:1914
RHSA-2014_1912
RHSA-2026:7305
RHSA-2026:7307
RHSA-2026:8838
SUSE-SU-2017:1067-1
SUSE-SU-2017_1067-1
USN-2397-1

Affected Products

ALT Linux
CentOS
Red Hat
Ruby
SUSE
Ubuntu