Vulnerability in Rubyonrails Rails

CVE-2014-3916

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

EPSS: 0.005 (66.0th percentile) — read the EPSS interpretation.

Affected products

Rubyonrails Rails — versions 1.9.3, 2.0.0, 2.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-19

References

ruby-cve20143916-dos(93505) (vdb-entry, x_refsource_XF)
67705 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC, Vendor Advisory)
[oss-security] 20140529 Re: Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32 (mailing-list, x_refsource_MLIST)
[oss-security] 20140527 Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32 (mailing-list, x_refsource_MLIST)