5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.154 Low
EPSS
Percentile
95.8%
Package : ruby1.9.1
Version : 1.9.2.0-2+deb6u3
CVE ID : CVE-2014-4975 CVE-2014-8080 CVE-2014-8090
CVE-2014-4975
The encodes() function in pack.c had an off-by-one error that could
lead to a stack-based buffer overflow. This could allow remote
attackers to cause a denial of service (crash) or arbitrary code
execution.
CVE-2014-8080, CVE-2014-8090
The REXML parser could be coerced into allocating large string
objects that could consume all available memory on the system. This
could allow remote attackers to cause a denial of service (crash).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | s390 | libruby1.8-dbg | <Â 1.8.7.358-7.1+deb7u2 | libruby1.8-dbg_1.8.7.358-7.1+deb7u2_s390.deb |
Debian | 7 | armhf | ruby1.8-dev | <Â 1.8.7.358-7.1+deb7u2 | ruby1.8-dev_1.8.7.358-7.1+deb7u2_armhf.deb |
Debian | 6 | i386 | libruby1.9.1-dbg | <Â 1.9.2.0-2+deb6u3 | libruby1.9.1-dbg_1.9.2.0-2+deb6u3_i386.deb |
Debian | 7 | kfreebsd-i386 | ruby1.9.1-dev | <Â 1.9.3.194-8.1+deb7u3 | ruby1.9.1-dev_1.9.3.194-8.1+deb7u3_kfreebsd-i386.deb |
Debian | 7 | s390x | ruby1.9.1-dev | <Â 1.9.3.194-8.1+deb7u3 | ruby1.9.1-dev_1.9.3.194-8.1+deb7u3_s390x.deb |
Debian | 7 | i386 | libruby1.8 | <Â 1.8.7.358-7.1+deb7u2 | libruby1.8_1.8.7.358-7.1+deb7u2_i386.deb |
Debian | 7 | i386 | libruby1.8-dbg | <Â 1.8.7.358-7.1+deb7u2 | libruby1.8-dbg_1.8.7.358-7.1+deb7u2_i386.deb |
Debian | 7 | all | ruby1.8-full | <Â 1.8.7.358-7.1+deb7u2 | ruby1.8-full_1.8.7.358-7.1+deb7u2_all.deb |
Debian | 7 | kfreebsd-i386 | ruby1.8 | <Â 1.8.7.358-7.1+deb7u2 | ruby1.8_1.8.7.358-7.1+deb7u2_kfreebsd-i386.deb |
Debian | 6 | i386 | ruby1.9.1-dev | <Â 1.9.2.0-2+deb6u3 | ruby1.9.1-dev_1.9.2.0-2+deb6u3_i386.deb |