Lucene search

K

Arch LinuxASA-201411-16

HistoryNov 17, 2014 - 12:00 a.m.

ruby: denial of service

2014-11-1700:00:00

Arch Linux

lists.archlinux.org

22

0.13 Low

EPSS

Percentile

95.6%

CPU exhaustion can occur as a result of recursive expansion with an
empty string. When reading text nodes from an XML document, the REXML
parser can be coerced into allocating extremely large string objects
which can consume all of the memory on a machine, causing a denial of
service.

OSVersionArchitecturePackageVersionFilename
anyanyanyruby< 2.1.5-1UNKNOWN

References

access.redhat.com/security/cve/CVE-2014-8090

www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/

0.13 Low

EPSS

Percentile

95.6%

Related for ASA-201411-16

nessus29 openvas20 securityvulns4 veracode1 ubuntu1 oraclelinux3 redhat4 centos2 debian4 amazon3 osv4 cve1 ubuntucve1 nvd1 mageia1 cvelist1 prion1 rubygems1 gentoo1