CVE-2014-3916

Sažetak

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

Reference

http://seclists.org/oss-sec/2014/q2/362
http://seclists.org/oss-sec/2014/q2/375
http://www.securityfocus.com/bid/67705
https://bugs.ruby-lang.org/issues/9709
https://exchange.xforce.ibmcloud.com/vulnerabilities/93505

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

08-08-2019 - 14:43

Objavljeno

16-11-2014 - 17:59