MGASA-2014-0472

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2014-4975 CVE-2014-8090

Published: 21 Nov 2014, 12:44

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Nov 2014, 12:44

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated ruby packages fix security vulnerabilities Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service (CVE-2014-4975). Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8090).

Affected Systems

mageia•ruby
< 1.9.3.p551-1.mga3
mageia•ruby
< 2.0.0.p598-1.mga4

MGASA-2014-0472

Vulnerability Summary

Timeline

Description

Affected Systems

References (6)