CVE-2014-4975
Description
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.449
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Object-oriented scripting language (USN-2397-1) ruby2.0_2.0.0.484-1ubuntu2.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) ruby2.0_2.0.0.484-1ubuntu2.2_amd64.deb | Linux |
| Object-oriented scripting language (USN-2397-1) ruby1.9.1_1.9.3.484-2ubuntu1.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) ruby1.9.1_1.9.3.484-2ubuntu1.2_amd64.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby2.0_2.0.0.484-1ubuntu2.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby2.0_2.0.0.484-1ubuntu2.2_amd64.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby1.9.1_1.9.3.484-2ubuntu1.2_i386.deb | Linux |
| Object-oriented scripting language (USN-2397-1) libruby1.9.1_1.9.3.484-2ubuntu1.2_amd64.deb | Linux |
| Interpreter of object-oriented scripting language Ruby (USN-3528-1) ruby1.9.1_1.9.3.484-2ubuntu1.10_i386.deb | Linux |
| Interpreter of object-oriented scripting language Ruby (USN-3528-1) ruby1.9.1_1.9.3.484-2ubuntu1.10_amd64.deb | Linux |
| Interpreter of object-oriented scripting language Ruby (USN-3528-1) ruby1.9.3_1.9.3.484-2ubuntu1.10_all.deb | Linux |
| Interpreter of object-oriented scripting language Ruby (USN-3528-1) libruby1.9.1_1.9.3.484-2ubuntu1.10_i386.deb | Linux |
| Interpreter of object-oriented scripting language Ruby (USN-3528-1) libruby1.9.1_1.9.3.484-2ubuntu1.10_amd64.deb | Linux |
| Object-oriented scripting language (USN-3621-1) libruby1.9.1_1.9.3.484-2ubuntu1.12_i386.deb | Linux |
| Object-oriented scripting language (USN-3621-1) libruby1.9.1_1.9.3.484-2ubuntu1.13_i386.deb | Linux |
| Object-oriented scripting language (USN-3621-1) ruby1.9.1_1.9.3.484-2ubuntu1.11_i386.deb | Linux |
| Object-oriented scripting language (USN-3621-1) ruby1.9.1_1.9.3.484-2ubuntu1.11_amd64.deb | Linux |
| Object-oriented scripting language (USN-3621-1) ruby1.9.3_1.9.3.484-2ubuntu1.11_all.deb | Linux |
| Object-oriented scripting language (USN-3621-2) ruby2.0_2.0.0.484-1ubuntu2.10_amd64.deb | Linux |
| Object-oriented scripting language (USN-3621-2) ruby2.0_2.0.0.484-1ubuntu2.10_i386.deb | Linux |
| Object-oriented scripting language (USN-3621-2) ruby1.9.1_1.9.3.484-2ubuntu1.12_amd64.deb | Linux |
| Object-oriented scripting language (USN-3621-2) ruby1.9.1_1.9.3.484-2ubuntu1.12_i386.deb | Linux |
| Object-oriented scripting language (USN-3621-2) ruby1.9.3_1.9.3.484-2ubuntu1.12_all.deb | Linux |
| Object-oriented scripting language (USN-3621-2) libruby2.0_2.0.0.484-1ubuntu2.10_amd64.deb | Linux |
| Object-oriented scripting language (USN-3621-2) libruby2.0_2.0.0.484-1ubuntu2.10_i386.deb | Linux |
| Object-oriented scripting language (USN-3621-2) libruby1.9.1_1.9.3.484-2ubuntu1.10_i386.deb | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-doc-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-irb-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.i686.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-json-1.7.7-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-minitest-4.3.2-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-psych-2.0.0-22.el7_0.x86_64.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-rake-0.9.6-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygems-2.0.14-22.el7_0.noarch.rpm | Linux |
| (RHSA-2014:1912) Moderate: ruby security update rubygems-devel-2.0.14-22.el7_0.noarch.rpm | Linux |
| SUSE-SU-2017:1067-1(SUSE Linux Enterprise Desktop 12-SP1 ) libruby2_1-2_1-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1(SUSE Linux Enterprise Desktop 12-SP1 ) libruby2_1-2_1-debuginfo-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1(SUSE Linux Enterprise Desktop 12-SP1 ) ruby2.1-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1(SUSE Linux Enterprise Desktop 12-SP1 ) ruby2.1-debuginfo-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1(SUSE Linux Enterprise Desktop 12-SP1 ) ruby2.1-debugsource-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1(SUSE Linux Enterprise Desktop 12-SP1 ) ruby2.1-stdlib-2.1.9-15.1.x86_64.rpm | Linux |
| SUSE-SU-2017:1067-1(SUSE Linux Enterprise Desktop 12-SP1 ) ruby2.1-stdlib-debuginfo-2.1.9-15.1.x86_64.rpm | Linux |
| Ruby193-ruby update (ELSA-2014-1913) ruby193-ruby-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-devel update (ELSA-2014-1913) ruby193-ruby-devel-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-doc update (ELSA-2014-1913) ruby193-ruby-doc-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-libs update (ELSA-2014-1913) ruby193-ruby-libs-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-tcltk update (ELSA-2014-1913) ruby193-ruby-tcltk-1.9.3.484-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-bigdecimal update (ELSA-2014-1913) ruby193-rubygem-bigdecimal-1.1.0-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-io-console update (ELSA-2014-1913) ruby193-rubygem-io-console-0.3-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-json update (ELSA-2014-1913) ruby193-rubygem-json-1.5.5-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-rubygem-rdoc update (ELSA-2014-1913) ruby193-rubygem-rdoc-3.9.5-50.0.1.el6.x86_64.rpm | Linux |
| Ruby193-ruby-irb update (ELSA-2014-1913) ruby193-ruby-irb-1.9.3.484-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygem-minitest update (ELSA-2014-1913) ruby193-rubygem-minitest-2.5.1-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygem-rake update (ELSA-2014-1913) ruby193-rubygem-rake-0.9.2.2-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygems update (ELSA-2014-1913) ruby193-rubygems-1.8.23-50.0.1.el6.noarch.rpm | Linux |
| Ruby193-rubygems-devel update (ELSA-2014-1913) ruby193-rubygems-devel-1.8.23-50.0.1.el6.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-devel-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-doc-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-irb-2.0.0.353-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.i686.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-libs-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update ruby-tcltk-2.0.0.353-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-bigdecimal-1.2.0-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-io-console-0.4.2-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-json-1.7.7-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-minitest-4.3.2-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-psych-2.0.0-22.el7_0.x86_64.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-rake-0.9.6-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygem-rdoc-4.0.0-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygems-2.0.14-22.el7_0.noarch.rpm | Linux |
| (CESA-2014:1912) Moderate: ruby security update rubygems-devel-2.0.14-22.el7_0.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234