---
engine: ruby
cve: 2014-3916
osvdb: 107478
url: http://www.osvdb.org/show/osvdb/107478
title: Ruby string.c str_buf_cat() Function Crafted String Handling Remote DoS
date: 2014-04-07
description: |
  Ruby contains a flaw in the str_buf_cat() function in string.c that is
  triggered when handling an overly long string. This may allow a remote
  attacker to cause a denial of service.
cvss_v2: 5.0
patched_versions:
  - ~> 2.0.0.576
  - ~> 2.1.3
  - ">= 2.2.0.preview.1"