Denial of Service Vulnerability in Ruby Products
CVE-2014-3916
Currently unrated
What is CVE-2014-3916?
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 has a denial of service vulnerability that context-dependent attackers can exploit. A crafted long string input causes a segmentation fault, which crashes the application. The flaw shows the risk of improper input handling and the need for robust input validation in software development.