
CVE-2014-3916

Published: 16 November 2014

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

Notes

Author: Note
jdstrand: per Debian, only exploitable on Windows
mdeslaur: we aren't going to release an update for this

Priority

Negligible

Status

Package: ruby1.8 (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Ignored (reached end-of-life)
precise    Ignored
saucy      Ignored (reached end-of-life)
trusty     Does not exist
upstream   Needs triage
utopic     Does not exist

Package: ruby1.9.1 (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Ignored
precise    Ignored
saucy      Ignored (reached end-of-life)
trusty     Does not exist (trusty was ignored)
upstream   Needs triage
utopic     Ignored

Package: ruby2.0 (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Does not exist
precise    Does not exist
saucy      Ignored (reached end-of-life)
trusty     Does not exist (trusty was ignored)
upstream   Needs triage
utopic     Ignored

Package: ruby2.1 (Launchpad, Ubuntu, Debian)

Release    Status
lucid      Does not exist
precise    Does not exist
saucy      Does not exist
trusty     Does not exist
upstream   Needs triage
utopic     Ignored