CVE-2014-4975

Опубликовано: 09 июл. 2014

Источник: redhat

CVSS2: 2.6

Описание

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

Отчет

This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
CloudForms Management Engine 5	mingw-ruby	Will not fix
CloudForms Management Engine 5	ruby193-ruby	Will not fix
OpenShift Enterprise 1	ruby193-ruby	Will not fix
Red Hat Enterprise Linux 5	ruby	Not affected
Red Hat Enterprise Linux 6	ruby	Not affected
Red Hat OpenStack Platform 3	ruby193-ruby	Will not fix
Red Hat OpenStack Platform 4	ruby193-ruby	Will not fix
Red Hat Satellite 6	rubygem-rake	Not affected
Red Hat Subscription Asset Manager	ruby193-ruby	Will not fix
Red Hat Enterprise Linux 7	ruby	Fixed	RHSA-2014:1912	26.11.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-193->CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1118158ruby: off-by-one stack-based buffer overflow in the encodes() function

2.6 Low

CVSS2

Связанные уязвимости

CVE-2014-4975

ubuntu

почти 11 лет назад

CVE-2014-4975

nvd

почти 11 лет назад

CVE-2014-4975

debian

почти 11 лет назад

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and e ...

GHSA-gxj7-mcpg-jpr6

github

больше 3 лет назад

ELSA-2014-1913

oracle-oval

почти 10 лет назад

ELSA-2014-1913: ruby193-ruby security update (MODERATE)

2.6 Low

CVSS2