Sha256: 901b4d4ec9c32d612e3ad1f212b538f75b64650bc0765f85ec66c69abf1d23f0

Contents?: true

Size: 608 Bytes

Versions: 6

Compression:

Stored size: 608 Bytes

Contents

---
engine: ruby
cve: 2014-4975
osvdb: 108971
url: http://www.osvdb.org/show/osvdb/108971
title: Ruby pack.c encodes() Function Remote Stack Buffer Overflow
date: 2014-07-09
description: |
  Ruby contains an overflow condition in the encodes() function in pack.c. The
  issue is triggered as user-supplied input is not properly validated when
  allocating buffer lengths. This may allow a remote attacker to cause a
  stack-based buffer overflow, resulting in a denial of service or potentially
  allowing the execution of arbitrary code.
cvss_v2: 5.0
patched_versions:
  - ~> 2.1.3
  - ">= 2.2.0.preview.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/rubies/ruby/CVE-2014-4975.yml
bundler-budit-0.6.2    data/ruby-advisory-db/rubies/ruby/OSVDB-108971.yml
bundler-budit-0.6.1    data/ruby-advisory-db/rubies/ruby/OSVDB-108971.yml
bundler-audit-0.6.1    data/ruby-advisory-db/rubies/ruby/OSVDB-108971.yml
bundler-audit-0.6.0    data/ruby-advisory-db/rubies/ruby/OSVDB-108971.yml
bundler-audit-0.5.0    data/ruby-advisory-db/rubies/ruby/OSVDB-108971.yml