CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.13 Low (Percentile: 95.6%)

Package : ruby1.9.1
Version : 1.9.2.0-2+deb6u3
CVE ID : CVE-2014-4975 CVE-2014-8080 CVE-2014-8090

CVE-2014-4975

The encodes() function in pack.c had an off-by-one error that could
lead to a stack-based buffer overflow. This could allow remote
attackers to cause a denial of service (crash) or arbitrary code
execution.

CVE-2014-8080, CVE-2014-8090

The REXML parser could be coerced into allocating large string
objects that could consume all available memory on the system. This
could allow remote attackers to cause a denial of service (crash).

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | kfreebsd-amd64 | libruby1.8 | < 1.8.7.358-7.1+deb7u2 | libruby1.8_1.8.7.358-7.1+deb7u2_kfreebsd-amd64.deb |
Debian | 7 | kfreebsd-i386 | libruby1.9.1-dbg | < 1.9.3.194-8.1+deb7u3 | libruby1.9.1-dbg_1.9.3.194-8.1+deb7u3_kfreebsd-i386.deb |
Debian | 7 | kfreebsd-amd64 | libruby1.8-dbg | < 1.8.7.358-7.1+deb7u2 | libruby1.8-dbg_1.8.7.358-7.1+deb7u2_kfreebsd-amd64.deb |
Debian | 7 | s390 | libruby1.9.1-dbg | < 1.9.3.194-8.1+deb7u3 | libruby1.9.1-dbg_1.9.3.194-8.1+deb7u3_s390.deb |
Debian | 6 | amd64 | libtcltk-ruby1.8 | < 1.8.7.302-2squeeze3 | libtcltk-ruby1.8_1.8.7.302-2squeeze3_amd64.deb |
Debian | 7 | armel | libtcltk-ruby1.8 | < 1.8.7.358-7.1+deb7u2 | libtcltk-ruby1.8_1.8.7.358-7.1+deb7u2_armel.deb |
Debian | 7 | all | ri1.8 | < 1.8.7.358-7.1+deb7u2 | ri1.8_1.8.7.358-7.1+deb7u2_all.deb |
Debian | 6 | i386 | ruby1.8-dev | < 1.8.7.302-2squeeze3 | ruby1.8-dev_1.8.7.302-2squeeze3_i386.deb |
Debian | 7 | all | ruby1.8-full | < 1.8.7.358-7.1+deb7u2 | ruby1.8-full_1.8.7.358-7.1+deb7u2_all.deb |
Debian | 7 | i386 | libruby1.8-dbg | < 1.8.7.358-7.1+deb7u2 | libruby1.8-dbg_1.8.7.358-7.1+deb7u2_i386.deb |