CVE-2014-2734

🗓️ 24 Apr 2014 23:55:05Reported by [email protected]Type

The Ruby 2.x openssl extension does not maintain process memory, allowing remote attackers to spoof signatures within the context of a script

Reporter	Title	Published	Views	Family All 11
CVE	CVE-2014-2734	24 Apr 201423:00	–	cve
Cvelist	CVE-2014-2734	24 Apr 201423:00	–	cvelist
OSV	BELL-CVE-2014-2734 CVE-2014-2734 does not affect BellSoft software	24 Apr 201423:55	–	osv
Prion	Design/Logic Flaw	24 Apr 201423:55	–	prion
Positive Technologies	PT-2013-2191 · Ruby +2 · Rdoc +3	1 Mar 201300:00	–	ptsecurity
Positive Technologies	PT-2014-4891 · Openssl +2 · Openssl +2	24 Apr 201400:00	–	ptsecurity
Positive Technologies	PT-2019-4673 · Puma +9 · Puma +10	3 Oct 201600:00	–	ptsecurity
Positive Technologies	PT-2020-3715 · Ruby +2 · Puma +2	3 Oct 201600:00	–	ptsecurity
seebug.org	Ruby OpenSSL CA私钥伪造漏洞	21 Apr 201400:00	–	seebug
SUSE CVE	SUSE CVE-2014-2734	15 Feb 202305:29	–	susecve

NVD

Node

ruby-lang rubyMatch2.0.0p195

ruby-lang rubyMatch2.0.0p247

ruby-lang rubyMatch2.0.0preview1

ruby-lang rubyMatch2.0.0preview2

ruby-lang rubyMatch2.0.0rc1

ruby-lang rubyMatch2.0.0rc2

ruby-lang rubyMatch2.1preview1

Source	Link
seclists	www.seclists.org/fulldisclosure/2014/May/13
osvdb	www.osvdb.org/106006
ruby-lang	www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/
news	www.news.ycombinator.com/item
securityfocus	www.securityfocus.com/bid/66956
seclists	www.seclists.org/fulldisclosure/2014/Apr/231
gist	www.gist.github.com/emboss/91696b56cd227c8a0c13
github	www.github.com/adrienthebo/cve-2014-2734/
packetstormsecurity	www.packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html
gist	www.gist.github.com/10446549

06 May 2026 22:30Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25.8

EPSS0.05796