
CVE-2014-4975

Published: 09 Jul 2014
Source: redhat
CVSS2: 2.6
EPSS: Low

Description

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

Report

This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | mingw-ruby | Will not fix | | |
| CloudForms Management Engine 5 | ruby193-ruby | Will not fix | | |
| OpenShift Enterprise 1 | ruby193-ruby | Will not fix | | |
| Red Hat Enterprise Linux 5 | ruby | Not affected | | |
| Red Hat Enterprise Linux 6 | ruby | Not affected | | |
| Red Hat OpenStack Platform 3 | ruby193-ruby | Will not fix | | |
| Red Hat OpenStack Platform 4 | ruby193-ruby | Will not fix | | |
| Red Hat Satellite 6 | rubygem-rake | Not affected | | |
| Red Hat Subscription Asset Manager | ruby193-ruby | Will not fix | | |
| Red Hat Enterprise Linux 7 | ruby | Fixed | RHSA-2014:1912 | 26.11.2014 |


Additional information

Status: Low
Defect: CWE-193->CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1118158
ruby: off-by-one stack-based buffer overflow in the encodes() function

EPSS: 0.02908 (percentile: 86%), Low

CVSS2: 2.6 Low

Related vulnerabilities

ubuntu
almost 11 years ago

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

nvd
almost 11 years ago

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

debian
almost 11 years ago

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and e ...

github
more than 3 years ago

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

oracle-oval
more than 9 years ago

ELSA-2014-1913: ruby193-ruby security update (MODERATE)
