VDB
GCVE-110-MAGEIA-2014-472
GCVE-110-MAGEIA-2014-472
Advisory Published
Will Wood discovered that Ruby incorrectly handled the encodes() function.
An attacker could possibly use this issue to cause Ruby to crash, resulting
in a denial of service, or possibly execute arbitrary code. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service (CVE-2014-4975).
Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as
a result of recursive expansion with an empty String. When reading text nodes
from an XML document, the REXML parser in Ruby can be coerced into allocating
extremely large string objects which can consume all of the memory on a
machine, causing a denial of service (CVE-2014-8090).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ruby | 0 (affected), 1.9.3.p551-1.mga3 (unaffected) | — |
| Mageia | ruby | 0 (affected), 2.0.0.p598-1.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.