Vulnerability/
CVE-2014-4975

5

CWE

119

10/7/2014

15/11/2014

6/8/2024

CVE-2014-4975: Buffer Overflow

First published: Thu Jul 10 2014(Updated: )

A possible stack-based buffer overflow flaw was reported in the Ruby encodes() function from pack.c. From the bug report, this function may be used on data received from a server, and could be triggered remotely. As the affected stack buffer is a static size on the stack, FORTIFY_SOURCE may help mitigate this issue to only be a denial of service. The original report suggests older versions (such as 1.9.3) are not affected. Bug report: <a href="https://bugs.ruby-lang.org/issues/10019">https://bugs.ruby-lang.org/issues/10019</a> CVE request: <a href="http://www.openwall.com/lists/oss-security/2014/07/09/13">http://www.openwall.com/lists/oss-security/2014/07/09/13</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ruby-lang Ruby	<=1.9.3
Ruby-lang Ruby	=2.0
Ruby-lang Ruby	=2.0.0
Ruby-lang Ruby	=2.0.0-p0
Ruby-lang Ruby	=2.0.0-p195
Ruby-lang Ruby	=2.0.0-p247
Ruby-lang Ruby	=2.0.0-preview1
Ruby-lang Ruby	=2.0.0-preview2
Ruby-lang Ruby	=2.0.0-rc1
Ruby-lang Ruby	=2.0.0-rc2
Ruby-lang Ruby	=2.1
Ruby-lang Ruby	=2.1-preview1
Ruby-lang Ruby	=2.1.1
Ruby-lang Ruby	=2.1.2
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Hpc Node	=7.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Workstation	=7.0
Debian Debian Linux	=7.0
Debian Debian Linux	=8.0
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=14.10

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Example email

Reference Links

collector/nvd-index
agent/author
agent/type
agent/tags
agent/event
agent/softwarecombine
agent/first-publish-date
agent/weakness
agent/severity
agent/last-modified-date
agent/references
agent/description
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-4975
vendor/ruby-lang
canonical/ruby-lang ruby
version/ruby-lang ruby/1.9.3
version/ruby-lang ruby/2.0
version/ruby-lang ruby/2.0.0
version/ruby-lang ruby/2.0.0-p0
version/ruby-lang ruby/2.0.0-p195
version/ruby-lang ruby/2.0.0-p247
version/ruby-lang ruby/2.0.0-preview1
version/ruby-lang ruby/2.0.0-preview2
version/ruby-lang ruby/2.0.0-rc1
version/ruby-lang ruby/2.0.0-rc2
version/ruby-lang ruby/2.1
version/ruby-lang ruby/2.1-preview1
version/ruby-lang ruby/2.1.1
version/ruby-lang ruby/2.1.2
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux hpc node
version/redhat enterprise linux hpc node/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
version/debian debian linux/8.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/14.10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203