Description

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

Remediation

References

CVE-2014-3916

Related Vulnerabilities

OpenSSL Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11870)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1148)

WordPress Plugin My Wish List Cross-Site Scripting (1.4.1)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (4.6.12)

Severity

Medium

Classification

CVE-2014-3916

Tags

Missing Update Known Vulnerabilities