VDB

GCVE-110-MAGEIA-2014-472

GCVE-110-MAGEIA-2014-472
Advisory Published
Vulnetix · Advisory published November 21, 2014
Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service (CVE-2014-4975). Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8090).

Affected Products

VendorProductVersionsPlatforms
Mageiaruby0 (affected), 1.9.3.p551-1.mga3 (unaffected)
Mageiaruby0 (affected), 2.0.0.p598-1.mga4 (unaffected)

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›