Lucene search

K
osvGoogleOSV:DLA-200-1
HistoryApr 15, 2015 - 12:00 a.m.

ruby1.9.1 - security update

2015-04-1500:00:00
Google
osv.dev
7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • CVE-2014-4975
    The encodes() function in pack.c had an off-by-one error that could
    lead to a stack-based buffer overflow. This could allow remote
    attackers to cause a denial of service (crash) or arbitrary code
    execution.
  • CVE-2014-8080,
    CVE-2014-8090
    The REXML parser could be coerced into allocating large string
    objects that could consume all available memory on the system. This
    could allow remote attackers to cause a denial of service (crash).

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N