Ruby 'encodes' Function Denial-of-Service Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Ruby and is prone to denial-of-service vulnerability.

Impact

Successful exploitation will allow attackers to cause a denial of service (crash) or possibly execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to Ruby 2.1.3 or later. For updates refer http://www.ruby-lang.org

Insight

Flaw exists due to improper bounds checking by the 'encodes' function in pack.c script.

Affected

Ruby versions 1.9.3 and earlier and 2.x through 2.1.2 on Windows.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/59731
http://svn.ruby-lang.org/repos/ruby/tags/v2_1_3/ChangeLog
http://www.osvdb.org/108971
http://xforce.iss.net/xforce/xfdb/94706
https://bugs.ruby-lang.org/issues/10019

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-4975

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
Connect back to SOCKS5 server
Dell OpenManage Web Server <= 3.7.1
Compaq Web SSI DoS
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability

Ruby 'encodes' function Denial-of-Service Vulnerability (Windows)

Take action and discover your vulnerabilities