CVE-2014-3916

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

Published: Nov 16, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3916
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-19

Affected Software
References

Software	From	Fixed in
rubyonrails / rails	1.9.3	1.9.3.x
rubyonrails / rails	2.1.0	2.1.0.x
rubyonrails / rails	2.0.0	2.0.0.x

http://seclists.org/oss-sec/2014/q2/362
http://seclists.org/oss-sec/2014/q2/375
http://www.securityfocus.com/bid/67705
https://bugs.ruby-lang.org/issues/9709
https://exchange.xforce.ibmcloud.com/vulnerabilities/93505

Vulnerability Database

289,697

CVE-2014-3916