Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2014-4975
HistoryNov 15, 2014 - 8:59 p.m.

CVE-2014-4975

2014-11-1520:59:01
CWE-119
[email protected]
web.nvd.nist.gov
1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

Affected configurations

NVD
Node
ruby-langrubyRange1.9.3
OR
ruby-langrubyMatch2.0
OR
ruby-langrubyMatch2.0.0
OR
ruby-langrubyMatch2.0.0p0
OR
ruby-langrubyMatch2.0.0p195
OR
ruby-langrubyMatch2.0.0p247
OR
ruby-langrubyMatch2.0.0preview1
OR
ruby-langrubyMatch2.0.0preview2
OR
ruby-langrubyMatch2.0.0rc1
OR
ruby-langrubyMatch2.0.0rc2
OR
ruby-langrubyMatch2.1-
OR
ruby-langrubyMatch2.1preview1
OR
ruby-langrubyMatch2.1.1
OR
ruby-langrubyMatch2.1.2
Node
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_hpc_nodeMatch7.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch14.10

Related

cvelist 1
openvas 12
ubuntucve 1
cve 1
veracode 1
prion 1
rubygems 1
nessus 15
fedora 1
ubuntu 1
osv 2
redhat 3
oraclelinux 2
mageia 1
debian 2
centos 1
securityvulns 1
suse 2
cvelist
cvelist
CVE-2014-4975
2014-11-15 20:00:00
openvas
openvas
Ruby 'encodes' function Denial-of-Service Vulnerability - Windows
2014-11-20 00:00:00
Ubuntu: Security Advisory (USN-2397-1)
2014-11-05 00:00:00
Oracle: Security Advisory (ELSA-2014-1913)
2016-02-05 00:00:00
ubuntucve
ubuntucve
CVE-2014-4975
2014-07-17 00:00:00
cve
cve
CVE-2014-4975
2014-11-15 20:59:01
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:03:14
prion
prion
Stack overflow
2014-11-15 20:59:00
rubygems
rubygems
CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function
2014-07-09 00:00:00
nessus
nessus
Fedora 21 : ruby-2.1.4-24.fc21 (2014-14096)
2014-11-11 00:00:00
Ubuntu 14.04 LTS : Ruby vulnerabilities (USN-2397-1)
2014-11-05 00:00:00
Debian DLA-200-1 : ruby1.9.1 security update
2015-04-16 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: ruby-2.1.4-24.fc21
2014-11-10 06:32:27
ubuntu
ubuntu
Ruby vulnerabilities
2014-11-04 00:00:00
osv
osv
ruby1.9.1 - security update
2015-04-15 00:00:00
ruby1.9.1 - security update
2015-02-09 00:00:00
redhat
redhat
(RHSA-2014:1914) Moderate: ruby200-ruby security update
2014-11-26 00:00:00
(RHSA-2014:1913) Moderate: ruby193-ruby security update
2014-11-26 00:00:00
(RHSA-2014:1912) Moderate: ruby security update
2014-11-26 00:00:00
oraclelinux
oraclelinux
ruby193-ruby security update
2016-02-04 00:00:00
ruby security update
2014-11-26 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2014-11-21 15:44:16
debian
debian
[SECURITY] [DLA 200-1] ruby1.9.1 security update
2015-04-15 18:17:59
[SECURITY] [DSA 3157-1] ruby1.9.1 security update
2015-02-09 17:10:22
centos
centos
ruby, rubygem, rubygems security update
2014-12-01 13:45:48
securityvulns
securityvulns
Ruby DoS
2014-11-24 00:00:00
suse
suse
Security update for ruby2.1 (important)
2017-04-20 12:08:57
Security update for ruby2.1 (important)
2017-04-28 18:11:28

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON
Related for NVD:CVE-2014-4975
cvelist1openvas12ubuntucve1cve1veracode1prion1rubygems1nessus15fedora1ubuntu1osv2redhat3oraclelinux2mageia1debian2centos1securityvulns1suse2