CVE-2014-3916

Severity

50%

Complexity

99%

Confidentiality

48%

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Ruby on Rails Rails

First reported 10 years ago

2014-11-16 17:59:00

Last updated 5 years ago

2019-08-08 14:43:00

Affected Software

Ruby on Rails Rails 1.9.3

1.9.3

Ruby on Rails Rails 2.0.0

2.0.0

Ruby on Rails Rails 2.1.0

2.1.0

References

[oss-security] 20140527 Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32

[oss-security] 20140529 Re: Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32

67705

https://bugs.ruby-lang.org/issues/9709

Vendor Advisory

ruby-cve20143916-dos(93505)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.