Summary
This host is installed with Ruby and is
prone to denial-of-service vulnerability.
Impact
Successful exploitation will allow attackers
to cause a denial of service (crash) or possibly execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Ruby 2.1.3 or later. For updates
refer http://www.ruby-lang.org
Insight
Flaw exists due to improper bounds checking
by the 'encodes' function in pack.c script.
Affected
Ruby versions 1.9.3 and earlier and 2.x
through 2.1.2 on Windows.
Detection
Get the installed version with the help of
detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-4975 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
- Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
- COWON Media Center JetAudio .wav File Denial Of Service Vulnerability
- Firefox XUL Parsing Denial of Service Vulnerability (Win)
- F-Secure Policy Manager Server fsmsh.dll module DoS