4 matches found
CVE-2014-8080
CVE-2014-8080 affects the REXML XML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4, where specially crafted XML can cause a denial of service via XML Entity Expansion (XEE). Affected Ruby versions are vulnerable to memory (and CPU) exhaustion. Remediation ...
CVE-2014-4975
CVE-2014-4975 is an off-by-one stack-based buffer overflow in the encodes() function (pack.c) of Ruby 1.9.3 and earlier, and 2.x through 2.1.2, triggered by certain format string specifiers. This can cause a denial of service via segmentation fault. Connected advisories note this Ruby pack() issu...
CVE-2014-8090
The CVE-2014-8090 issue is a vulnerability in Ruby’s REXML XML parser that can be exploited via crafted XML documents containing an empty string in repeated nested entities, causing CPU and memory exhaustion (XEE). Affected are Ruby 1.9.x before 1.9.3 patchlevel 551, Ruby 2.0.x before 2.0.0 patch...
CVE-2014-2734
The CVE-2014-2734 entry concerns the Ruby OpenSSL extension in Ruby 2.x, where the process memory state may not be correctly maintained after reopening a file, enabling remote attackers to spoof signatures during signature verification after specific filesystem operations. SUSE/PT-2019-4673 and P...