CVE-2014-3916Improper Restriction of Operations within the Bounds of a Memory Buffer in Rails

CWE-19CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 34.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Rubyonrails Rails
Timeline
PublishedNov 16
Latest updateMay 14

Description

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDrubyonrails/rails1.9.3, 2.0.0, 2.1.0+2

🔴Vulnerability Details

2
GHSA
GHSA-252h-69rw-g2rp: The str_buf_cat function in string2022-05-14
CVEList
CVE-2014-3916: The str_buf_cat function in string2014-11-16

📋Vendor Advisories

1
Red Hat
ruby: DoS via long string in str_buf_cat()2014-04-07

💬Community

1
Bugzilla
CVE-2014-3916 ruby: DoS via long string in str_buf_cat()2014-11-17
CVE-2014-3916 — Rubyonrails Rails vulnerability | cvebase