CVE-2014-3916

Name: CVE-2014-3916
Description: The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release              Version           Status
ruby2.1 (PTS)     jessie               2.1.5-2+deb8u3    vulnerable
                  jessie (security)    2.1.5-2+deb8u6    vulnerable

The information below is based on the following data on fixed versions.

Package     Type      Release       Fixed Version    Urgency        Origin    Debian Bugs
ruby1.8     source    (unstable)    (unfixed)        unimportant
ruby1.9.1   source    (unstable)    (unfixed)        unimportant
ruby2.0     source    (unstable)    (unfixed)        unimportant
ruby2.1     source    (unstable)    (unfixed)        unimportant

Notes

Only exploitable on Windows
